<!doctype html><html lang="en"><head><title data-rh="true">BPFDoor — an active Chinese global surveillance tool | by Kevin Beaumont | May, 2022 | DoublePulsar</title><meta data-rh="true" charset="utf-8"/><meta data-rh="true" name="viewport" content="width=device-width,minimum-scale=1,initial-scale=1,maximum-scale=1"/><meta data-rh="true" name="theme-color" content="#000000"/><meta data-rh="true" name="twitter:app:name:iphone" content="Medium"/><meta data-rh="true" name="twitter:app:id:iphone" content="828256236"/><meta data-rh="true" property="al:ios:app_name" content="Medium"/><meta data-rh="true" property="al:ios:app_store_id" content="828256236"/><meta data-rh="true" property="al:android:package" content="com.medium.reader"/><meta data-rh="true" property="fb:app_id" content="542599432471018"/><meta data-rh="true" property="og:site_name" content="Medium"/><meta data-rh="true" property="og:type" content="article"/><meta data-rh="true" property="article:published_time" content="2022-05-07T15:50:26.307Z"/><meta data-rh="true" name="title" content="BPFDoor — an active Chinese global surveillance tool | by Kevin Beaumont | May, 2022 | DoublePulsar"/><meta data-rh="true" property="og:title" content="BPFDoor — an active Chinese global surveillance tool"/><meta data-rh="true" property="twitter:title" content="BPFDoor — an active Chinese global surveillance tool"/><meta data-rh="true" name="twitter:site" content="@GossiTheDog"/><meta data-rh="true" name="twitter:app:url:iphone" content="medium://p/54b078f1a896"/><meta data-rh="true" property="al:android:url" content="medium://p/54b078f1a896"/><meta data-rh="true" property="al:ios:url" content="medium://p/54b078f1a896"/><meta data-rh="true" property="al:android:app_name" content="Medium"/><meta data-rh="true" name="description" content="Recently, PwC Threat Intelligence documented the existence of BPFDoor, a passive network implant for Linux they attribute to Red Menshen, a Chinese threat actor group. 
BPFDoor is interesting. It…"/><meta data-rh="true" property="og:description" content="Recently, PwC Threat Intelligence documented the existence of BPFDoor, a passive network implant for Linux they attribute to Red Menshen…"/><meta data-rh="true" property="twitter:description" content="Recently, PwC Threat Intelligence documented the existence of BPFDoor, a passive network implant for Linux they attribute to Red Menshen…"/><meta data-rh="true" property="og:url" content="https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896"/><meta data-rh="true" property="al:web:url" content="https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896"/><meta data-rh="true" property="og:image" content="https://miro.medium.com/max/688/1*IXT0IHLg56KOuzwIEsAKfA.png"/><meta data-rh="true" name="twitter:image:src" content="https://miro.medium.com/max/688/1*IXT0IHLg56KOuzwIEsAKfA.png"/><meta data-rh="true" name="twitter:card" content="summary_large_image"/><meta data-rh="true" property="article:author" content="https://medium.com/@networksecurity"/><meta data-rh="true" name="author" content="Kevin Beaumont"/><meta data-rh="true" name="robots" content="index,follow,max-image-preview:large"/><meta data-rh="true" name="referrer" content="unsafe-url"/><meta data-rh="true" name="twitter:label1" content="Reading time"/><meta data-rh="true" name="twitter:data1" content="3 min read"/><link data-rh="true" rel="search" type="application/opensearchdescription+xml" title="Medium" href="/osd.xml"/><link data-rh="true" rel="apple-touch-icon" sizes="152x152" href="https://miro.medium.com/fit/c/152/152/1*sHhtYhaCe2Uc3IU0IgKwIQ.png"/><link data-rh="true" rel="apple-touch-icon" sizes="120x120" href="https://miro.medium.com/fit/c/120/120/1*sHhtYhaCe2Uc3IU0IgKwIQ.png"/><link data-rh="true" rel="apple-touch-icon" sizes="76x76" href="https://miro.medium.com/fit/c/76/76/1*sHhtYhaCe2Uc3IU0IgKwIQ.png"/><link data-rh="true" rel="apple-touch-icon" 
sizes="60x60" href="https://miro.medium.com/fit/c/60/60/1*sHhtYhaCe2Uc3IU0IgKwIQ.png"/><link data-rh="true" rel="mask-icon" href="https://cdn-static-1.medium.com/_/fp/icons/Medium-Avatar-500x500.svg" color="#171717"/><link data-rh="true" id="glyph_preload_link" rel="preload" as="style" type="text/css" href="https://glyph.medium.com/css/unbound.css"/><link data-rh="true" id="glyph_link" rel="stylesheet" type="text/css" href="https://glyph.medium.com/css/unbound.css"/><link data-rh="true" rel="icon" href="https://miro.medium.com/fit/c/256/256/1*euFkwA7zJWm-l7aDoNtJrw.jpeg"/><link data-rh="true" rel="author" href="https://medium.com/@networksecurity"/><link data-rh="true" rel="canonical" href="https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896"/><link data-rh="true" rel="alternate" href="android-app://com.medium.reader/https/medium.com/p/54b078f1a896"/><script data-rh="true" type="application/ld+json">{"@context":"http:\u002F\u002Fschema.org","@type":"NewsArticle","image":["https:\u002F\u002Fmiro.medium.com\u002Fmax\u002F1200\u002F1*IXT0IHLg56KOuzwIEsAKfA.png"],"url":"https:\u002F\u002Fdoublepulsar.com\u002Fbpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896","dateCreated":"2022-05-07T15:36:10.628Z","datePublished":"2022-05-07T15:36:10.628Z","dateModified":"2022-05-07T15:50:35.783Z","headline":"BPFDoor — an active Chinese global surveillance tool","name":"BPFDoor — an active Chinese global surveillance tool","description":"Recently, PwC Threat Intelligence documented the existence of BPFDoor, a passive network implant for Linux they attribute to Red Menshen, a Chinese threat actor group. BPFDoor is interesting. 
It…","identifier":"54b078f1a896","author":{"@type":"Person","name":"Kevin Beaumont","url":"https:\u002F\u002Fdoublepulsar.com\u002F@networksecurity"},"creator":["Kevin Beaumont"],"publisher":{"@type":"Organization","name":"DoublePulsar","url":"doublepulsar.com","logo":{"@type":"ImageObject","width":136,"height":60,"url":"https:\u002F\u002Fmiro.medium.com\u002Fmax\u002F272\u002F1*bry5HIDtIpONm_IDzSVYWA.jpeg"}},"mainEntityOfPage":"https:\u002F\u002Fdoublepulsar.com\u002Fbpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896","isAccessibleForFree":"False","hasPart":{"@type":"WebPageElement","isAccessibleForFree":"False","cssSelector":".meteredContent"}}</script><style type="text/css" data-fela-rehydration="516" data-fela-type="STATIC">html{box-sizing:border-box}*, *:before, *:after{box-sizing:inherit}body{margin:0;padding:0;text-rendering:optimizeLegibility;-webkit-font-smoothing:antialiased;color:rgba(0,0,0,0.8);position:relative;min-height:100vh}h1, h2, h3, h4, h5, h6, dl, dd, ol, ul, menu, figure, blockquote, p, pre, form{margin:0}menu, ol, ul{padding:0;list-style:none;list-style-image:none}main{display:block}a{color:inherit;text-decoration:none}a, button, input{-webkit-tap-highlight-color:transparent}img, svg{vertical-align:middle}button{background:transparent;overflow:visible}button, input, optgroup, select, textarea{margin:0}:root{--reach-tabs:1;--reach-menu-button:1}#speechify-root{font-family:Sohne, sans-serif}div[data-popper-reference-hidden="true"]{visibility:hidden;pointer-events:none}</style><style type="text/css" data-fela-rehydration="516" data-fela-type="RULE">.a{font-family:medium-content-sans-serif-font, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif}.b{font-weight:400}.c{background-color:rgba(255, 255, 255, 1)}.l{display:block}.m{margin:auto}.n{max-width:1504px}.o{display:flex}.u{justify-content:space-between}.ag{height:100%}.al{padding:0 24px}.am{box-shadow:0px 
-2px 10px rgba(0, 0, 0, 0.15)}.an{height:56px}.ao{align-items:center}.ap{position:fixed}.aq{top:0}.ar{right:0}.as{left:0}.at{z-index:500}.au{color:inherit}.av{fill:inherit}.aw{font-size:inherit}.ax{border:inherit}.ay{font-family:inherit}.az{letter-spacing:inherit}.ba{font-weight:inherit}.bb{padding:0}.bc{margin:0}.bg:disabled{cursor:default}.bh:disabled{color:rgba(117, 117, 117, 1)}.bi:disabled{fill:rgba(117, 117, 117, 1)}.bj{height:25px}.bk{fill:rgba(41, 41, 41, 1)}.bl{padding-top:0px}.bm{text-align:center}.bn{font-family:sohne, "Helvetica Neue", Helvetica, Arial, sans-serif}.bo{font-size:14px}.bp{line-height:20px}.bq{color:rgba(242, 242, 242, 1)}.br{padding:7px 16px 9px}.bs{fill:rgba(242, 242, 242, 1)}.bt{background:rgba(242, 242, 242, 1)}.bu{border-color:rgba(242, 242, 242, 1)}.ca:disabled{cursor:inherit !important}.cb:disabled{opacity:0.1}.cc:disabled:hover{background:rgba(25, 25, 25, 1)}.cd:disabled:hover{border-color:rgba(25, 25, 25, 1)}.ce{border-radius:99em}.cf{width:100%}.cg{border-width:1px}.ch{border-style:solid}.ci{box-sizing:border-box}.cj{display:inline-block}.ck{text-decoration:none}.cl{margin-left:16px}.cm{display:none}.co{color:rgba(117, 117, 117, 1)}.cp{color:rgba(26, 137, 23, 1)}.cq{fill:rgba(26, 137, 23, 1)}.ct:disabled{color:rgba(163, 208, 162, 0.5)}.cu:disabled{fill:rgba(163, 208, 162, 0.5)}.da{height:100vh}.db{flex-direction:column}.dc{position:sticky}.dd{z-index:1}.de{height:23px}.df{padding-bottom:35px}.dg{fill:rgba(117, 117, 117, 1)}.dh{padding-left:28px}.di{transition:all 0.2s ease-in-out}.dm{margin-right:28px}.do{font-size:16px}.dp{line-height:24px}.dq{position:relative}.dr{margin:0px 0px 35px 28px }.ds{width:24px}.dt{border:0}.du{height:1px}.dv{background-color:rgba(230, 230, 230, 1)}.dw{padding:0 24px 24px}.dx{height:64px}.dy path{fill:rgba(168, 168, 168, 1)}.dz{justify-content:center}.ea{flex:1}.eb{border:none}.ec{background:transparent}.ed{box-shadow:0px 2px 10px rgba(0, 0, 0, 
0.15)}.ee{z-index:600}.ef{bottom:0}.eg{justify-content:space-around}.eh{height:16px}.ei{background-color:rgba(237, 237, 237, 1)}.eo{min-width:0}.ep{flex:1 1 auto}.eq{padding:0 32px}.er{border-left:1px solid rgba(230, 230, 230, 1)}.es{min-height:100vh}.et{width:394px}.ev{color:rgba(139, 130, 129, 1)}.ew{fill:rgba(139, 130, 129, 1)}.ez:disabled{color:rgba(139, 130, 129, 0.5)}.fa:disabled{fill:rgba(139, 130, 129, 0.5)}.fb{border-bottom:1px solid rgba(230, 230, 230, 1)}.fl{margin-right:16px}.fm{box-shadow:inset 0 0 0 1px rgba(0, 0, 0, 0.05)}.fn{border-radius:50%}.fo{height:32px}.fp{width:32px}.fq{position:absolute}.fr{background-color:rgba(242, 242, 242, 1)}.fs{margin-right:3px}.ft{flex:0 0 auto}.fu{overflow:hidden}.fv{max-height:20px}.fw{text-overflow:ellipsis}.fx{display:-webkit-box}.fy{-webkit-line-clamp:1}.fz{-webkit-box-orient:vertical}.ga{word-break:break-all}.gc{color:rgba(41, 41, 41, 1)}.gn{margin-left:auto}.go{margin-right:auto}.gp{max-width:728px}.ha{align-items:flex-start}.hb{height:48px}.hc{width:48px}.hd{margin-bottom:4px}.he{flex-direction:row}.hf{padding-left:12px}.hk{font-size:13px}.hl{color:rgba(255, 255, 255, 1)}.hm{padding:0px 8px 1px}.hn{fill:rgba(255, 255, 255, 1)}.ho{background:rgba(139, 130, 129, 1)}.hp{border-color:rgba(139, 130, 129, 1)}.hs:disabled{opacity:0.3}.ht:disabled:hover{background:rgba(139, 130, 129, 1)}.hu:disabled:hover{border-color:rgba(139, 130, 129, 1)}.hv{flex-wrap:wrap}.hw{padding:0 8px}.hx{padding-left:6px}.hy{transform:translateY(-1.25px)}.hz{font-size:15px}.id{padding-right:4px}.ie{padding:8px 2px}.ig{margin:0 4px 0 28px}.ih path{fill:rgba(41, 41, 41, 1)}.ii{cursor:pointer}.il svg path{fill:rgba(117, 117, 117, 1)}.im{display:inline-flex}.in{padding-top:24px}.iq{border:1px solid rgba(230, 230, 230, 1)}.ir{padding:6px 15px 6px 10px}.it svg{margin-right:8px}.iu{padding-right:12px}.iv{background:rgba(255, 255, 255, 1)}.iw{border-radius:4px}.ix{box-shadow:0 1px 4px rgba(230, 230, 230, 
1)}.iy{max-height:100vh}.iz{overflow-y:auto}.ja{top:calc(100vh + 100px)}.jb{bottom:calc(100vh + 100px)}.jc{width:10px}.jd{pointer-events:none}.je{word-break:break-word}.jf{word-wrap:break-word}.jg:after{display:block}.jh:after{content:""}.ji:after{clear:both}.jj{line-height:1.23}.jk{letter-spacing:0}.jl{font-style:normal}.jm{font-weight:700}.kh{margin-bottom:-0.27em}.ki{line-height:1.58}.kj{letter-spacing:-0.004em}.kk{font-family:charter, Georgia, Cambria, "Times New Roman", Times, serif}.lf{margin-bottom:-0.46em}.lg{max-width:565px}.ll{clear:both}.lm{max-width:100%}.ln{height:auto}.lo{text-decoration:underline}.lp{padding-bottom:56.199999999999996%}.lq{height:0}.lr{clear:left}.ls{float:left}.lt{font-size:66px}.lu{line-height:.83}.lv{margin-right:12px}.mb{max-width:688px}.mc{box-shadow:inset 3px 0 0 0 rgba(41, 41, 41, 1)}.md{padding-left:23px}.me{margin-left:-20px}.mf{font-style:italic}.mj{max-width:1969px}.ml{cursor:zoom-in}.mm{z-index:auto}.mo{line-height:1.31}.mp{letter-spacing:-0.022em}.mq{font-weight:600}.nl{margin-bottom:-0.37em}.nr{line-height:28px}.ns{letter-spacing:-0.003em}.nw{list-style-type:disc}.nx{margin-left:30px}.ny{padding-left:0px}.nz{font-size:18px}.oa{margin-top:16px}.ob{opacity:1}.oc{transition:opacity 300ms}.od{bottom:16px}.oe{padding:0 14px 0 16px}.of{border-radius:20px}.og{box-shadow:0px 2px 10px 0px rgba(0, 0, 0, 0.1)}.oh{height:40px}.oi{margin-right:5px}.ol{-webkit-user-select:none}.om{outline:0}.on{user-select:none}.oo> svg{pointer-events:none}.pa{text-align:left}.pd{border-right:1px solid rgba(230, 230, 230, 1)}.pe{margin:0 16px}.pf{height:12px}.pg{padding:4px 0}.pi{margin-left:4px}.pj{border-top:none}.pk{height:52px}.pl{max-height:52px}.pm{box-sizing:content-box}.pn{position:static}.po{flex:1 0 auto}.pq{max-width:155px}.pt{margin-left:24px}.pu{margin-top:0px}.pv path{fill:rgba(117, 117, 117, 1)}.px{margin:0 20px}.py{background-color:rgba(250, 250, 250, 
1)}.pz{padding-bottom:4px}.qa{padding-top:32px}.qb{font-weight:500}.qo{padding-top:5px}.qp{padding-top:25px}.qq{padding-bottom:96px}.qr{padding-top:40px}.qs{padding-bottom:80px}.qt{padding:30px 0}.qu{margin-bottom:0}.qv{min-width:100vw}.qw{background-color:rgba(0, 0, 0, 1)}.rb{max-width:1192px}.re:disabled{color:rgba(255, 255, 255, 0.6)}.rf:disabled{fill:rgba(255, 255, 255, 0.45)}.rg{height:22px}.rh{margin-top:20px}.ri{color:rgba(255, 255, 255, 0.95)}.rk{margin-right:20px}.rl{background-color:rgba(255, 255, 255, 0.4)}.rm{margin:28px 0 20px}.rn{padding:40px 0}.ro{width:inherit}.rp{outline:none}.rq{padding:8px 0 11px}.rr{background-color:transparent}.rs::placeholder{color:rgba(117, 117, 117, 1)}.rt{padding:7px 7px 6px 8px}.ru{margin-top:40px}.rv{height:88px}.rw{width:88px}.rx{margin-top:4px}.ry{margin-top:12px}.rz{margin-top:24px}.sa{margin-bottom:40px}.sb{width:auto}.sc{margin-left:8px}.sd{stroke:rgba(242, 242, 242, 1)}.se{height:36px}.sf{width:36px}.sg{margin-top:32px}.sh{margin-bottom:24px}.si{margin-right:24px}.sj{flex:1 0 0%}.sk{margin-bottom:8px}.sl{margin-right:8px}.sm{height:20px}.sn{width:20px}.so{max-height:60px}.sp{-webkit-line-clamp:3}.sq{width:56px}.sr{padding-bottom:100%}.ss{border-radius:2px}.st{padding:24px 0}.su{margin-right:6px}.sv{font-size:11px}.sw{line-height:16px}.bd:hover{cursor:pointer}.be:hover{color:rgba(25, 25, 25, 1)}.bf:hover{fill:rgba(25, 25, 25, 1)}.bv:hover{background:rgba(242, 242, 242, 1)}.bw:hover{border-color:rgba(242, 242, 242, 1)}.bx:hover{cursor:wait}.by:hover{color:rgba(242, 242, 242, 1)}.bz:hover{fill:rgba(242, 242, 242, 1)}.cr:hover{color:rgba(15, 115, 12, 1)}.cs:hover{fill:rgba(15, 115, 12, 1)}.dj:hover{color:rgba(41, 41, 41, 1)}.dk:hover{fill:rgba(41, 41, 41, 1)}.ex:hover{color:rgba(119, 112, 111, 1)}.ey:hover{fill:rgba(119, 112, 111, 1)}.hq:hover{background:rgba(119, 112, 111, 1)}.hr:hover{border-color:rgba(119, 112, 111, 1)}.if:hover path{fill:rgba(8, 8, 8, 1)}.ij:hover svg path{fill:rgba(8, 8, 8, 
1)}.is:hover{border-color:rgba(204, 204, 204, 1)}.or:hover{fill:rgba(8, 8, 8, 1)}.oz:hover{color:rgba(8, 8, 8, 1)}.ph:hover p{color:rgba(8, 8, 8, 1)}.rc:hover{color:rgba(255, 255, 255, 1)}.rd:hover{fill:rgba(255, 255, 255, 0.9)}.rj:hover{text-decoration:underline}.ik:focus svg path{fill:rgba(8, 8, 8, 1)}.mn:focus{transform:scale(1.01)}.oq:focus{fill:rgba(8, 8, 8, 1)}.pw:focus path{fill:rgba(8, 8, 8, 1)}.op:active{border-style:none}</style><style type="text/css" data-fela-rehydration="516" data-fela-type="RULE" media="all and (min-width: 1080px)">.d{display:none}.t{flex-direction:row}.z{width:80px}.ab{min-height:100vh}.ac{flex-shrink:1}.ae{border-right:1px solid rgba(230, 230, 230, 1)}.cv{display:block}.cw{text-align:center}.cx{padding:40px 0}.en{margin-bottom:0}.fi{margin:0 32px}.fj{max-width:692px}.gh{margin-bottom:40px}.gm{padding:0 16px}.gy{margin-bottom:32px}.gz{margin-top:56px}.ic{display:inline-flex}.kd{font-size:32px}.ke{margin-top:0.6em}.kf{line-height:40px}.kg{letter-spacing:-0.016em}.lb{font-size:20px}.lc{margin-top:2em}.ld{line-height:32px}.le{letter-spacing:-0.003em}.ma{padding-top:7px}.mi{font-size:21px}.nh{font-size:22px}.ni{margin-top:3.14em}.nj{line-height:28px}.nk{letter-spacing:0}.nq{margin-top:0.86em}.nv{margin-top:2.14em}.oy{margin-top:0px}.pc{display:inline-block}.qm{line-height:24px}.qn{max-height:24px}.ra{margin:0 64px}</style><style type="text/css" data-fela-rehydration="516" data-fela-type="RULE" media="all and (max-width: 1079.98px)">.e{display:none}.ox{margin-top:0px}.pb{display:inline-block}</style><style type="text/css" data-fela-rehydration="516" data-fela-type="RULE" media="all and (max-width: 903.98px)">.f{display:none}.ow{margin-top:0px}.ps{display:inline-block}</style><style type="text/css" data-fela-rehydration="516" data-fela-type="RULE" media="all and (max-width: 727.98px)">.g{display:none}.cn{display:block}.ou{margin-top:0px}.ov{margin-right:0px}.pr{display:inline-block}.qx{padding:24px 0}</style><style type="text/css" 
data-fela-rehydration="516" data-fela-type="RULE" media="all and (max-width: 551.98px)">.h{display:none}.p{flex-direction:column}.v{width:auto}.ah{display:block}.ej{margin-bottom:56px}.fc{margin:0 24px}.gd{margin-bottom:80px}.gi{padding:0 8px}.gq{margin-bottom:24px}.gr{margin-top:32px}.hg{display:inline-block}.io{display:flex}.jn{font-size:32px}.jo{margin-top:0.64em}.jp{line-height:40px}.jq{letter-spacing:-0.016em}.kl{font-size:18px}.km{margin-top:1.56em}.kn{line-height:28px}.ko{letter-spacing:-0.003em}.lh{margin-top:40px}.lw{padding-top:0}.mr{font-size:20px}.ms{margin-top:1.9em}.mt{line-height:24px}.mu{letter-spacing:0}.nm{margin-top:0.67em}.oj{margin-left:0px}.os{margin-top:0px}.ot{margin-right:0px}.qc{font-size:16px}.qd{line-height:20px}.qe{max-height:20px}</style><style type="text/css" data-fela-rehydration="516" data-fela-type="RULE" media="all and (min-width: 904px) and (max-width: 1079.98px)">.i{display:none}.s{flex-direction:column}.y{width:auto}.ak{display:block}.em{margin-bottom:56px}.fg{margin:0 32px}.fh{max-width:692px}.gg{margin-bottom:40px}.gl{padding:0 16px}.gw{margin-bottom:24px}.gx{margin-top:32px}.hj{display:inline-block}.ib{display:inline-flex}.jz{font-size:32px}.ka{margin-top:0.6em}.kb{line-height:40px}.kc{letter-spacing:-0.016em}.kx{font-size:20px}.ky{margin-top:2em}.kz{line-height:32px}.la{letter-spacing:-0.003em}.lk{margin-top:56px}.lz{padding-top:7px}.mh{font-size:21px}.nd{font-size:22px}.ne{margin-top:3.14em}.nf{line-height:28px}.ng{letter-spacing:0}.np{margin-top:0.86em}.nu{margin-top:2.14em}.qk{line-height:24px}.ql{max-height:24px}.qz{margin:0 64px}</style><style type="text/css" data-fela-rehydration="516" data-fela-type="RULE" media="all and (min-width: 728px) and (max-width: 903.98px)">.j{display:none}.r{flex-direction:column}.x{width:auto}.aj{display:block}.el{margin-bottom:56px}.fe{margin:0 32px}.ff{max-width:692px}.gf{margin-bottom:40px}.gk{padding:0 
16px}.gu{margin-bottom:24px}.gv{margin-top:32px}.hi{display:inline-block}.ia{display:inline-flex}.jv{font-size:32px}.jw{margin-top:0.6em}.jx{line-height:40px}.jy{letter-spacing:-0.016em}.kt{font-size:20px}.ku{margin-top:2em}.kv{line-height:32px}.kw{letter-spacing:-0.003em}.lj{margin-top:56px}.ly{padding-top:7px}.mg{font-size:21px}.mz{font-size:22px}.na{margin-top:3.14em}.nb{line-height:28px}.nc{letter-spacing:0}.no{margin-top:0.86em}.nt{margin-top:2.14em}.qi{line-height:24px}.qj{max-height:24px}.qy{margin:0 48px}</style><style type="text/css" data-fela-rehydration="516" data-fela-type="RULE" media="all and (min-width: 552px) and (max-width: 727.98px)">.k{display:none}.q{flex-direction:column}.w{width:auto}.ai{display:block}.ek{margin-bottom:56px}.fd{margin:0 24px}.ge{margin-bottom:80px}.gj{padding:0 8px}.gs{margin-bottom:24px}.gt{margin-top:32px}.hh{display:inline-block}.ip{display:flex}.jr{font-size:32px}.js{margin-top:0.64em}.jt{line-height:40px}.ju{letter-spacing:-0.016em}.kp{font-size:18px}.kq{margin-top:1.56em}.kr{line-height:28px}.ks{letter-spacing:-0.003em}.li{margin-top:40px}.lx{padding-top:0}.mv{font-size:20px}.mw{margin-top:1.9em}.mx{line-height:24px}.my{letter-spacing:0}.nn{margin-top:0.67em}.ok{margin-left:0px}.qf{font-size:16px}.qg{line-height:20px}.qh{max-height:20px}</style><style type="text/css" data-fela-rehydration="516" data-fela-type="RULE" media="print">.pp{display:none}</style><style type="text/css" data-fela-rehydration="516" data-fela-type="RULE" media="all and (min-width: 7000px)">.af{width:224px}.cy{text-align:left}.cz{padding:40px 24px}.dl{display:none}.dn{display:block}.fk{margin:0 auto}</style><style type="text/css" data-fela-rehydration="516" data-fela-type="RULE" media="all and (max-width: 1239.98px)">.eu{width:280px}</style><style type="text/css" data-fela-rehydration="516" data-fela-type="RULE" media="(orientation: landscape) and (max-width: 903.98px)">.gb{max-height:none}</style><style type="text/css" data-fela-rehydration="516" 
data-fela-type="RULE" media="(prefers-reduced-motion: no-preference)">.mk{transition:transform 300ms cubic-bezier(0.2, 0, 0.2, 1)}</style></head><body><div id="root"><div class="a b c"><div class="d e f g h i j k"></div><script>document.domain = document.domain;</script><div class="l c"><div class="m n l"><div class="o p q r s t u"><main class="ej ek el em en eo l ep"><div class="l"><div class="fb l"><div class="o dz"><div class="eo cf fc fd fe ff fg fh fi fj fk"><div class="an o ao"><div class="fl l"><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" href="https://doublepulsar.com/?source=post_page-----54b078f1a896--------------------------------" rel="noopener follow"><div class="l dq"><img alt="DoublePulsar" class="l ci fn fo fp fr" src="https://miro.medium.com/fit/c/64/64/1*euFkwA7zJWm-l7aDoNtJrw.jpeg" width="32" height="32"/><div class="fm fn l fo fp fq aq"></div></div></a></div><div class="fs l ft"><div class="bn b bo bp co">Published in</div></div><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" href="https://doublepulsar.com/?source=post_page-----54b078f1a896--------------------------------" 
rel="noopener follow"><p class="bn b bo bp fu fv fw fx fy fz ga gb gc">DoublePulsar</p></a></div></div></div></div><div class="gd ge gf gg gh l"><div class="o dz"><div class="eo cf fc fd fe ff fg fh fi fj fk"><article class="meteredContent"><div class="l"><div class="gi gj gk gl gm gn go cf gp ci l"></div><div class="l"><header class="pw-post-byline-header gq gr gs gt gu gv gw gx gy gz l"><div class="o ha u"><div class="o"><div class="fl l"><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" href="https://medium.com/@networksecurity?source=post_page-----54b078f1a896--------------------------------" rel="noopener follow"><div class="l dq"><img alt="Kevin Beaumont" class="l ci fn hb hc fr" src="https://miro.medium.com/fit/c/96/96/1*TPJ3sVZRlcq-rj72g82bAg@2x.jpeg" width="48" height="48"/><div class="fm fn l hb hc fq aq"></div></div></a></div><div class="l"><div class="pw-author bn b do dp gc"><div class="hd o he"><div><div class="cj" role="tooltip" aria-hidden="false"><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" href="https://medium.com/@networksecurity?source=post_page-----54b078f1a896--------------------------------" rel="noopener follow">Kevin Beaumont</a></div></div></div></div><div class="o ao hv"><p class="pw-published-date bn b bo bp co"><span>May 7</span></p><div class="hw cj" aria-hidden="true"><span class="l" aria-hidden="true"><span class="bn b bo bp co">·</span></span></div><div class="pw-reading-time bn b bo 
bp co">3 min read</div></div></div></div></div></header><span class="l"></span><section><div><div class="fq as ja jb jc jd"></div><div class="je jf jg jh ji"><div class=""><h1 id="68b0" class="pw-post-title jj jk jl bn jm jn jo jp jq jr js jt ju jv jw jx jy jz ka kb kc kd ke kf kg kh gc">BPFDoor — an active Chinese global surveillance tool</h1></div><p id="b586" class="pw-post-body-paragraph ki kj jl kk b kl km kn ko kp kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf je gc">Recently, PwC Threat Intelligence documented the existence of BPFDoor, a passive network implant for Linux they attribute to Red Menshen, a Chinese threat actor group.</p><figure class="lh li lj lk gz ll gn go paragraph-image"><div class="gn go lg"><img alt="" class="cf lm ln" src="https://miro.medium.com/max/1130/0*Su8mxpojVBSA5vu5" width="565" height="552" role="presentation"/></div></figure><p id="0d2f" class="pw-post-body-paragraph ki kj jl kk b kl km kn ko kp kq kr ks kt ku kv kw kx ky kz la lb lc ld le 
lf je gc">You can read more in PwC’s great, yearly threat intelligence brief, <a class="au lo" href="https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf" rel="noopener ugc nofollow" target="_blank">here</a>.</p><p id="65c5" class="pw-post-body-paragraph ki kj jl kk b kl km kn ko kp kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf je gc">PwC plan to present their findings in June:</p><figure class="lh li lj lk gz ll"><div class="m l dq"><div class="lp lq l"></div></div></figure><p id="4462" class="pw-post-body-paragraph ki kj jl kk b kl km kn ko kp kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf je gc lr"><span class="l ls lt lu lv lw lx ly lz ma dq">B</span>PFDoor is interesting. It allows a threat actor to backdoor a system for remote code execution, without opening any new network ports or firewall rules. For example, if a webapp exists on port 443, it can listen and react on the existing port 443, and the implant can be reached over the webapp port (even with the webapp running). This is because it uses a BPF packet filter to inspect traffic arriving at the host, rather than binding a listening port of its own.</p><figure class="lh li lj lk gz ll gn go paragraph-image"><div class="gn go mb"><img alt="" class="cf lm ln" src="https://miro.medium.com/max/1376/1*IXT0IHLg56KOuzwIEsAKfA.png" width="688" height="694" role="presentation"/></div></figure><p id="0001" class="pw-post-body-paragraph ki kj jl kk b kl km kn ko kp kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf je gc">Operators have access to a tool which communicates with the implants, using a password, and provides features such as remotely executing commands. 
This works over internal and internet networks.</p><p id="b095" class="pw-post-body-paragraph ki kj jl kk b kl km kn ko kp kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf je gc">Because BPFDoor doesn’t open any inbound network ports, doesn’t use an outbound C2, and renames its own process in Linux (so ps aux, for example, will show a friendly name), it is highly evasive.</p><p id="623c" class="pw-post-body-paragraph ki kj jl kk b kl km kn ko kp kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf je gc">I swept the internet for BPFDoor throughout 2021, and discovered it is installed at organisations across the globe — in particular the US, South Korea, Hong Kong, Turkey, India, Viet Nam and Myanmar, and is highly evasive. These organisations include government systems, postal and logistic systems, education systems and more.</p><p id="5756" class="pw-post-body-paragraph ki kj jl kk b kl km kn ko kp kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf je gc">Inside those organisations I believe it is likely present on thousands of systems. The implant appears to be for surveillance purposes.</p><p id="8dcf" class="pw-post-body-paragraph ki kj jl kk b kl km kn ko kp kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf je gc">Per PwC:</p><blockquote class="mc md me"><p id="db07" class="ki kj mf kk b kl km kn ko kp kq kr ks mg ku kv kw mh ky kz la mi lc ld le lf je gc">We also identified that the threat actor sends commands to BPFDoor victims via Virtual Private Servers (VPSs) hosted at a well-known provider, and that these VPSs, in turn, are administered via compromised routers based in Taiwan, which the threat actor uses as VPN tunnels. Most Red Menshen activity that we observed took place between Monday to Friday (with none observed on the weekends), with most communication taking place between 01:00 and 10:00 UTC. 
This pattern suggests a consistent 8 to 9-hour activity window for the threat actor, with realistic probability of it aligning to local working hours.</p></blockquote><p id="d85a" class="pw-post-body-paragraph ki kj jl kk b kl km kn ko kp kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf je gc lr"><span class="l ls lt lu lv lw lx ly lz ma dq">T</span>he implant has been in use for many years — over 5 — and has flown under the radar.</p><p id="28fc" class="pw-post-body-paragraph ki kj jl kk b kl km kn ko kp kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf je gc">Versions exist for Linux appliances, Solaris SPARC boxes and more. For example, here’s a Solaris version first uploaded to VirusTotal in 2019:</p><p id="b53b" class="pw-post-body-paragraph ki kj jl kk b kl km kn ko kp kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf je gc"><a class="au lo" href="https://www.virustotal.com/gui/file/dc8346bf443b7b453f062740d8ae8d8d7ce879672810f4296158f90359dcae3a/detection/f-dc8346bf443b7b453f062740d8ae8d8d7ce879672810f4296158f90359dcae3a-1567566897" rel="noopener ugc nofollow" target="_blank">VirusTotal — File — dc8346bf443b7b453f062740d8ae8d8d7ce879672810f4296158f90359dcae3a</a></p><figure class="lh li lj lk gz ll gn go paragraph-image"><div role="button" tabindex="0" class="mk ml dq mm cf mn"><div class="gn go mj"><img alt="" class="cf lm ln" src="https://miro.medium.com/max/1400/1*iZ7-ELTs_jVNwS92wx8buA.png" width="700" height="260" role="presentation"/></div></div></figure><p id="1d23" class="pw-post-body-paragraph ki kj jl kk b kl km kn ko kp kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf je gc">Nextron Systems THOR was detecting the activity over the past year or so, visible in VirusTotal comments:</p><figure class="lh li lj lk gz ll"><div class="m l dq"><div class="lp lq l"></div></div></figure><h1 id="08a7" class="mo mp jl bn mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng nh ni nj nk nl gc">Indicators of Compromise and Indicators of Attack</h1><p id="fff8" 
class="pw-post-body-paragraph ki kj jl kk b kl nm kn ko kp nn kr ks kt no kv kw kx np kz la lb nq ld le lf je gc">(Note that each implant has a unique hash, so hunting for file hashes is a <em class="mf">BAD IDEA</em>; prefer the YARA rules and host artefacts listed below.)</p><p id="1adc" class="pw-post-body-paragraph ki kj jl kk b kl km kn ko kp kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf je gc"><a class="au lo" href="https://www.virustotal.com/gui/collection/dd82ee900dd15a5d6205d7aeb8a0c9d60e1b3c93c678cfd7a8fa7be444afefe7/iocs" rel="noopener ugc nofollow" target="_blank">VirusTotal — Collections — BPFDoor</a></p><ul class=""><li id="ea2e" class="nr ns jl kk b kl km kp kq kt nt kx nu lb nv lf nw nx ny nz gc">YARA rules:</li></ul><p id="e87f" class="pw-post-body-paragraph ki kj jl kk b kl km kn ko kp kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf je gc"><a class="au lo" href="https://github.com/Neo23x0/signature-base/blob/master/yara/mal_lnx_implant_may22.yar" rel="noopener ugc nofollow" target="_blank">signature-base/mal_lnx_implant_may22.yar at master · Neo23x0/signature-base (github.com)</a></p><p id="f9ed" class="pw-post-body-paragraph ki kj jl kk b kl km kn ko kp kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf je gc"><a class="au lo" href="https://github.com/GossiTheDog/ThreatHunting/blob/master/YARA/BPFDoor-Unknown.yar" rel="noopener ugc nofollow" target="_blank">ThreatHunting/BPFDoor-Unknown.yar at master · GossiTheDog/ThreatHunting (github.com)</a></p><ul class=""><li id="b730" class="nr ns jl kk b kl km kp kq kt nt kx nu lb nv lf nw nx ny nz gc">Files in<strong class="kk jm"> /dev/shm </strong>such as<strong class="kk jm"> /dev/shm/kdmtmpflush</strong></li></ul><p id="e973" class="pw-post-body-paragraph ki kj jl kk b kl km kn ko kp kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf je gc">Sandbox report from 2019 — includes useful commands; <a class="au lo" href="https://www.joesandbox.com/analysis/185754/0/html" rel="noopener ugc nofollow" target="_blank">Automated Malware Analysis Report for 
m8XMnec4Vb.elf — Generated by Joe Sandbox</a></p></div></div></section></div></div></article></div></div></div><div class="d"><div class="qt qu qv l pn ar ef as qw qx"><div class="o dz"><div class="fc fd qy qz ra rb eo cf"><div class="j i d"><div class="rh o"><div class="fl l"><a class="au av aw ax ay az ba bb bc bd rc rd bg re rf" href="https://itunes.apple.com/app/medium-everyones-stories/id828256236?pt=698524&amp;mt=8&amp;ct=post_page&amp;source=post_page-----54b078f1a896--------------------------------" rel="noopener follow"><img alt="A button that says &#x27;Download on the App 
Store&#x27;, and if clicked it will lead you to the iOS App store" class="" src="https://miro.medium.com/max/270/1*Crl55Tm6yDNMoucPo1tvDg.png" width="135" height="41"/></a></div><a class="au av aw ax ay az ba bb bc bd rc rd bg re rf" href="https://play.google.com/store/apps/details?id=com.medium.reader&amp;source=post_page-----54b078f1a896--------------------------------" rel="noopener follow"><img alt="A button that says &#x27;Get it on, Google Play&#x27;, and if clicked it will lead you to the Google Play store" class="" src="https://miro.medium.com/max/270/1*W_RAPQ62h0em559zluJLdQ.png" width="135" height="41"/></a></div></div></div></div></div></div></div></main><div class="eq ci c er h k j i cv es et eu"><div class="ag cf cj dq"><div class="l dc aq"><div class="es o db"><div class="l po"><div class="l c"><div class="l"><div class="qr o ao"><div class="pw-susi-button l po"><span><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" href="https://medium.com/m/signin?operation=register&amp;redirect=https%3A%2F%2Fdoublepulsar.com%2Fbpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896&amp;source=post_page--------------------------nav_reg-----------" rel="noopener follow"><button class="bn b bo bp bq br bs bt bu bv bw bx by bz ca cb cc cd ce cf cg ch ci cj ck" aria-label="sign up">Get started</button></a></span></div></div></div><div class="rn l"><div class="o iq of ro"><div class="cj" aria-hidden="false" aria-describedby="searchResults" aria-labelledby="searchResults"></div><span class="rt l"><svg width="25" height="25" viewBox="0 0 25 25" fill="rgba(8, 8, 8, 1)"><path d="M20.07 18.93l-4.16-4.15a6 6 0 1 0-.88.88l4.15 4.16a.62.62 0 1 0 .89-.89zM6.5 11a4.75 4.75 0 1 1 9.5 0 4.75 4.75 0 0 1-9.5 0z"></path></svg></span><input role="combobox" aria-controls="searchResults" aria-expanded="false" aria-label="search" tabindex="0" class="eb rp bn bo bp rk cf rq rr gc rs" placeholder="Search" value=""/></div><div class="ru l"></div><a class="au av aw ax ay az ba 
bb bc bd be bf bg bh bi" href="https://medium.com/@networksecurity" rel="noopener follow"><div class="l dq"><img alt="Kevin Beaumont" class="l ci fn rv rw fr" src="https://miro.medium.com/fit/c/176/176/1*TPJ3sVZRlcq-rj72g82bAg@2x.jpeg" width="88" height="88"/><div class="fm fn l rv rw fq aq"></div></div></a><div class="oa l"></div><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" href="https://medium.com/@networksecurity" rel="noopener follow"><h2 class="pw-author-name bn qb do bp jk gc">Kevin Beaumont</h2></a><div class="rx l"></div><p class="bn b bo bp gc"><span class="pw-follower-count bn b do dp co"><button class="au av aw ax ay az ba bb bc bd be bf bg bh bi">3.1K Followers</button></span></p><div class="ry l"></div><p class="bn b bo bp co">Everything here is my personal work and opinions.</p><div class="rz l"></div><div class="sa o"><span><a class="bn b bo bp hl br hn ho hp hq hr bd ca hs ht hu ce sb cg ch ci cj ck" href="https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2F7db6d2df42a6&amp;operation=register&amp;redirect=https%3A%2F%2Fdoublepulsar.com%2Fbpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896&amp;user=Kevin+Beaumont&amp;userId=7db6d2df42a6&amp;source=post_page-7db6d2df42a6-------------------------follow_profile-----------" rel="noopener follow">Follow</a></span><div class="sc l"><div><div><div class="cj" role="tooltip" aria-hidden="false"><div class="l"><span><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" href="https://medium.com/m/signin?actionUrl=%2F_%2Fapi%2Fsubscriptions%2Fnewsletters%2Fb4bad6c46577&amp;operation=register&amp;redirect=https%3A%2F%2Fdoublepulsar.com%2Fbpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896&amp;newsletterV3=7db6d2df42a6&amp;newsletterV3Id=b4bad6c46577&amp;user=Kevin+Beaumont&amp;userId=7db6d2df42a6&amp;source=--------------------------subscribe_user-----------" rel="noopener follow"><button class="bn b bo bp bq bb bs bt bu bv bw bx by bz ca hs 
ht hu ce cg ch ci cj ck" aria-label="Subscribe"><svg width="38" height="38" viewBox="0 0 38 38" fill="none" class="sd se sf"><rect x="26.25" y="9.25" width="0.5" height="6.5" rx="0.25"></rect><rect x="29.75" y="12.25" width="0.5" height="6.5" rx="0.25" transform="rotate(90 29.75 12.25)"></rect><path d="M19.5 12.5h-7a1 1 0 0 0-1 1v11a1 1 0 0 0 1 1h13a1 1 0 0 0 1-1v-5"></path><path d="M11.5 14.5L19 20l4-3"></path></svg></button></a></span></div></div></div></div></div></div><div class="sg l"><div class="l"><div class="sh ru l"><h2 class="bn qb do bp jk gc">More from <!-- -->Medium</h2></div><div class="l"><div class="cf ag"><a href="https://tales-from-a-security-professional.com/what-is-the-lifecycle-of-an-exploit-7cd46b2de1a7?source=read_next_recirc---------0---------------------4cdc6c3e_548a_48e6_aa8d_c07026a79ee0-------" rel="noopener follow"><div class="sh o db dz"><div class="o he u"><div class="si o db sj"><div class="sk o ao"><div class="sl l"><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" href="https://vries-richard-de.medium.com/?source=read_next_recirc---------0---------------------4cdc6c3e_548a_48e6_aa8d_c07026a79ee0-------" rel="noopener follow"><div class="l dq"><img alt="Richard de Vries" class="l ci fn sm sn fr" src="https://miro.medium.com/fit/c/40/40/1*uK1SRzc37ghaqfgnm6xYcQ.jpeg" width="20" height="20"/><div class="fm fn l sm sn fq aq"></div></div></a></div><div class="id l"><div><div class="cj" role="tooltip" aria-hidden="false"><div class="o"><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" href="https://vries-richard-de.medium.com/?source=read_next_recirc---------0---------------------4cdc6c3e_548a_48e6_aa8d_c07026a79ee0-------" rel="noopener follow"><p class="bn b hk bp fu fv fw fx fy fz ga gb gc">Richard de Vries</p></a></div></div></div></div><div class="id l"><p class="bn b hk bp co">in</p></div><div class="l"><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" 
href="https://tales-from-a-security-professional.com/?source=read_next_recirc---------0---------------------4cdc6c3e_548a_48e6_aa8d_c07026a79ee0-------" rel="noopener follow"><p class="bn b hk bp fu fv fw fx fy fz ga gb gc">Tales from a Security Professional</p></a></div></div><h2 class="bn jm do bp fu so fw fx sp fz gb jk gc"><div>What is the lifecycle of an exploit?</div></h2></div><div class="sq l"><div class="m l dq fr"><div class="sr lq l"><img alt="" class="ss" src="https://miro.medium.com/focal/112/112/50/50/0*TAuC2BN0XhBEI8Eb.png" width="56" role="presentation"/></div></div></div></div></div></a></div><div class="cf ag"><a href="https://systemweakness.com/cyberthreats-listed-as-one-of-the-biggest-global-risks-for-2022-heres-what-can-you-do-to-help-9cefcc421ed4?source=read_next_recirc---------1---------------------4cdc6c3e_548a_48e6_aa8d_c07026a79ee0-------" rel="noopener follow"><div class="sh o db dz"><div class="o he u"><div class="si o db sj"><div class="sk o ao"><div class="sl l"><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" href="https://andrecamillo.medium.com/?source=read_next_recirc---------1---------------------4cdc6c3e_548a_48e6_aa8d_c07026a79ee0-------" rel="noopener follow"><div class="l dq"><img alt="Andre Camillo" class="l ci fn sm sn fr" src="https://miro.medium.com/fit/c/40/40/1*s75_RCDVyZGl_kJlbHFEsQ.png" width="20" height="20"/><div class="fm fn l sm sn fq aq"></div></div></a></div><div class="id l"><div><div class="cj" role="tooltip" aria-hidden="false"><div class="o"><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" href="https://andrecamillo.medium.com/?source=read_next_recirc---------1---------------------4cdc6c3e_548a_48e6_aa8d_c07026a79ee0-------" rel="noopener follow"><p class="bn b hk bp fu fv fw fx fy fz ga gb gc">Andre Camillo</p></a></div></div></div></div><div class="id l"><p class="bn b hk bp co">in</p></div><div class="l"><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" 
href="https://systemweakness.com/?source=read_next_recirc---------1---------------------4cdc6c3e_548a_48e6_aa8d_c07026a79ee0-------" rel="noopener follow"><p class="bn b hk bp fu fv fw fx fy fz ga gb gc">System Weakness</p></a></div></div><h2 class="bn jm do bp fu so fw fx sp fz gb jk gc"><div>Cyberthreats listed as one of the biggest Global Risks for 2022 — here’s what can you do to help?</div></h2></div><div class="sq l"><div class="m l dq fr"><div class="sr lq l"><img alt="" class="ss" src="https://miro.medium.com/focal/112/112/50/50/0*xD14Uu6SBSKoEa46" width="56" role="presentation"/></div></div></div></div></div></a></div><div class="cf ag"><a href="https://medium.com/geekculture/how-to-use-rumble-for-asset-discovery-d2cf8f1724c3?source=read_next_recirc---------2---------------------4cdc6c3e_548a_48e6_aa8d_c07026a79ee0-------" rel="noopener follow"><div class="sh o db dz"><div class="o he u"><div class="si o db sj"><div class="sk o ao"><div class="sl l"><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" href="https://bin3xish477.medium.com/?source=read_next_recirc---------2---------------------4cdc6c3e_548a_48e6_aa8d_c07026a79ee0-------" rel="noopener follow"><div class="l dq"><img alt="Alexis Rodriguez" class="l ci fn sm sn fr" src="https://miro.medium.com/fit/c/40/40/1*XBAXHEPf4pBv7g1i_CKtHg.png" width="20" height="20"/><div class="fm fn l sm sn fq aq"></div></div></a></div><div class="id l"><div><div class="cj" role="tooltip" aria-hidden="false"><div class="o"><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" href="https://bin3xish477.medium.com/?source=read_next_recirc---------2---------------------4cdc6c3e_548a_48e6_aa8d_c07026a79ee0-------" rel="noopener follow"><p class="bn b hk bp fu fv fw fx fy fz ga gb gc">Alexis Rodriguez</p></a></div></div></div></div><div class="id l"><p class="bn b hk bp co">in</p></div><div class="l"><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" 
href="https://medium.com/geekculture?source=read_next_recirc---------2---------------------4cdc6c3e_548a_48e6_aa8d_c07026a79ee0-------" rel="noopener follow"><p class="bn b hk bp fu fv fw fx fy fz ga gb gc">Geek Culture</p></a></div></div><h2 class="bn jm do bp fu so fw fx sp fz gb jk gc"><div>How to Use Rumble For Asset Discovery</div></h2></div><div class="sq l"><div class="m l dq fr"><div class="sr lq l"><img alt="" class="ss" src="https://miro.medium.com/focal/112/112/50/50/1*k8pL0Lioo0T4GPGoUIsNcw.png" width="56" role="presentation"/></div></div></div></div></div></a></div><div class="cf ag"><a href="https://medium.com/dark-roast-security/light-roast-110-intro-to-dns-attack-types-2ceedb2981fa?source=read_next_recirc---------3---------------------4cdc6c3e_548a_48e6_aa8d_c07026a79ee0-------" rel="noopener follow"><div class="sh o db dz"><div class="o he u"><div class="si o db sj"><div class="sk o ao"><div class="sl l"><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" href="https://katlyngallo.medium.com/?source=read_next_recirc---------3---------------------4cdc6c3e_548a_48e6_aa8d_c07026a79ee0-------" rel="noopener follow"><div class="l dq"><img alt="Katlyn Gallo" class="l ci fn sm sn fr" src="https://miro.medium.com/fit/c/40/40/1*sMkbLwGsM1UtuXpc88he3g@2x.jpeg" width="20" height="20"/><div class="fm fn l sm sn fq aq"></div></div></a></div><div class="id l"><div><div class="cj" role="tooltip" aria-hidden="false"><div class="o"><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" href="https://katlyngallo.medium.com/?source=read_next_recirc---------3---------------------4cdc6c3e_548a_48e6_aa8d_c07026a79ee0-------" rel="noopener follow"><p class="bn b hk bp fu fv fw fx fy fz ga gb gc">Katlyn Gallo</p></a></div></div></div></div><div class="id l"><p class="bn b hk bp co">in</p></div><div class="l"><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" 
href="https://medium.com/dark-roast-security?source=read_next_recirc---------3---------------------4cdc6c3e_548a_48e6_aa8d_c07026a79ee0-------" rel="noopener follow"><p class="bn b hk bp fu fv fw fx fy fz ga gb gc">Dark Roast Security</p></a></div></div><h2 class="bn jm do bp fu so fw fx sp fz gb jk gc"><div>Light Roast 110: Intro to DNS Attack Types</div></h2></div><div class="sq l"><div class="m l dq fr"><div class="sr lq l"><img alt="" class="ss" src="https://miro.medium.com/focal/112/112/50/50/0*U9TFhSYQLMh7m6A2.jpg" width="56" role="presentation"/></div></div></div></div></div></a></div></div></div></div></div></div></div><div class="st o he hv"><div class="su l"><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" href="https://help.medium.com/hc/en-us" rel="noopener follow"><p class="bn b sv sw co">Help</p></a></div><div class="su l"><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" href="https://medium.statuspage.io" rel="noopener follow"><p class="bn b sv sw co">Status</p></a></div><div class="su l"><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" href="https://about.medium.com/creators/" rel="noopener follow"><p class="bn b sv sw co">Writers</p></a></div><div class="su l"><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" href="https://blog.medium.com" rel="noopener follow"><p class="bn b sv sw co">Blog</p></a></div><div class="su l"><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" href="https://medium.com/jobs-at-medium/work-at-medium-959d1a85284e" rel="noopener follow"><p class="bn b sv sw co">Careers</p></a></div><div class="su l"><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" href="https://policy.medium.com/medium-privacy-policy-f03bf92035c9" rel="noopener follow"><p class="bn b sv sw co">Privacy</p></a></div><div class="su l"><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" href="https://policy.medium.com/medium-terms-of-service-9db0094a1e0f" rel="noopener follow"><p class="bn b sv sw 
co">Terms</p></a></div><div class="su l"><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" href="https://medium.com/about?autoplay=1" rel="noopener follow"><p class="bn b sv sw co">About</p></a></div><div class="su l"><a class="au av aw ax ay az ba bb bc bd be bf bg bh bi" href="https://knowable.fyi" rel="noopener follow"><p class="bn b sv sw co">Knowable</p></a></div></div></div></div></div></div></div></div></div></div></div><script>window.__BUILD_ID__="main-20220506-163123-0de7a5569d"</script><script>window.__GRAPHQL_URI__ = "https://doublepulsar.com/_/graphql"</script><script>window.__PRELOADED_STATE__ = {"algolia":{"queries":{}},"auroraPage":{"isAuroraPageEnabled":false},"cache":{"experimentGroupSet":false,"reason":"","group":"control","tags":[],"serverVariantState":"","middlewareEnabled":false,"cacheStatus":"DYNAMIC","shouldUseCache":false,"vary":[]},"client":{"hydrated":false,"isUs":false,"isNativeMedium":false,"isSafariMobile":false,"isSafari":false,"isFirefox":false,"routingEntity":{"type":"COLLECTION","id":"8343faddf0ec","explicit":true},"viewerIsBot":false},"debug":{"requestId":"7d8f4047-4515-4537-9642-bdccccbf4682","hybridDevServices":[],"originalSpanCarrier":{"ot-tracer-spanid":"33b03ea214997be6","ot-tracer-traceid":"171a8b63bb1a6c1e","ot-tracer-sampled":"true"}},"multiVote":{"clapsPerPost":{}},"navigation":{"branch":{"show":null,"hasRendered":null,"blockedByCTA":false},"hideGoogleOneTap":false,"hasRenderedAlternateUserBanner":null,"currentLocation":"https:\u002F\u002Fdoublepulsar.com\u002Fbpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896","host":"doublepulsar.com","hostname":"doublepulsar.com","referrer":"","hasSetReferrer":false,"susiModal":{"step":null,"operation":"register"},"postRead":false},"tracing":{},"config":{"nodeEnv":"production","version":"main-20220506-163123-0de7a5569d","isTaggedVersion":false,"target":"production","productName":"Medium","publicUrl":"https:\u002F\u002Fcdn-client.medium.com\u002Flite","authDomain":"medi
um.com","authGoogleClientId":"216296035834-k1k6qe060s2tp2a2jam4ljdcms00sttg.apps.googleusercontent.com","favicon":"production","glyphUrl":"https:\u002F\u002Fglyph.medium.com","branchKey":"key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm","lightStep":{"name":"lite-web","host":"lightstep.medium.systems","token":"ce5be895bef60919541332990ac9fef2","appVersion":"main-20220506-163123-0de7a5569d","disableClientReporting":true},"algolia":{"appId":"MQ57UUUQZ2","apiKeySearch":"394474ced050e3911ae2249ecc774921","indexPrefix":"medium_","host":"-dsn.algolia.net"},"recaptchaKey":"6Lfc37IUAAAAAKGGtC6rLS13R1Hrw_BqADfS1LRk","recaptcha3Key":"6Lf8R9wUAAAAABMI_85Wb8melS7Zj6ziuf99Yot5","datadog":{"applicationId":"6702d87d-a7e0-42fe-bbcb-95b469547ea0","clientToken":"pub853ea8d17ad6821d9f8f11861d23dfed","rumToken":"pubf9cc52896502b9413b68ba36fc0c7162","context":{"deployment":{"target":"production","tag":"main-20220506-163123-0de7a5569d","commit":"0de7a5569d84602d6e2f7a7fc3b2f88d01757d3a"}},"datacenter":"us"},"googleAnalyticsCode":"UA-24232453-2","googlePay":{"apiVersion":"2","apiVersionMinor":"0","merchantId":"BCR2DN6TV7EMTGBM","merchantName":"Medium","instanceMerchantId":"13685562959212738550"},"applePay":{"version":3},"signInWallCustomDomainCollectionIds":["3a8144eabfe3","336d898217ee","61061eb0c96b","138adf9c44c","819cc2aaeee0"],"mediumOwnedAndOperatedCollectionIds":["8a9336e5bb4","b7e45b22fec3","193b68bd4fba","8d6b8a439e32","54c98c43354d","3f6ecf56618","d944778ce714","92d2092dc598","ae2a65f35510","1285ba81cada","544c7006046e","fc8964313712","40187e704f1c","88d9857e584e","7b6769f2748b","bcc38c8f6edf","cef6983b292","cb8577c9149e","444d13b52878","713d7dbc99b0","ef8e90590e66","191186aaafa0","55760f21cdc5","9dc80918cc93","bdc4052bbdba","8ccfed20cbb2"],"tierOneDomains":["medium.com","thebolditalic.com","arcdigital.media","towardsdatascience.com","uxdesign.cc","codeburst.io","psiloveyou.xyz","writingcooperative.com","entrepreneurshandbook.co","prototypr.io","betterhumans.coach.me","theascent.pub"],
"topicsToFollow":["d61cf867d93f","8a146bc21b28","1eca0103fff3","4d562ee63426","aef1078a3ef5","e15e46793f8d","6158eb913466","55f1c20aba7a","3d18b94f6858","4861fee224fd","63c6f1f93ee","1d98b3a9a871","decb52b64abf","ae5d4995e225","830cded25262"],"topicToTagMappings":{"accessibility":"accessibility","addiction":"addiction","android-development":"android-development","art":"art","artificial-intelligence":"artificial-intelligence","astrology":"astrology","basic-income":"basic-income","beauty":"beauty","biotech":"biotech","blockchain":"blockchain","books":"books","business":"business","cannabis":"cannabis","cities":"cities","climate-change":"climate-change","comics":"comics","coronavirus":"coronavirus","creativity":"creativity","cryptocurrency":"cryptocurrency","culture":"culture","cybersecurity":"cybersecurity","data-science":"data-science","design":"design","digital-life":"digital-life","disability":"disability","economy":"economy","education":"education","equality":"equality","family":"family","feminism":"feminism","fiction":"fiction","film":"film","fitness":"fitness","food":"food","freelancing":"freelancing","future":"future","gadgets":"gadgets","gaming":"gaming","gun-control":"gun-control","health":"health","history":"history","humor":"humor","immigration":"immigration","ios-development":"ios-development","javascript":"javascript","justice":"justice","language":"language","leadership":"leadership","lgbtqia":"lgbtqia","lifestyle":"lifestyle","machine-learning":"machine-learning","makers":"makers","marketing":"marketing","math":"math","media":"media","mental-health":"mental-health","mindfulness":"mindfulness","money":"money","music":"music","neuroscience":"neuroscience","nonfiction":"nonfiction","outdoors":"outdoors","parenting":"parenting","pets":"pets","philosophy":"philosophy","photography":"photography","podcasts":"podcast","poetry":"poetry","politics":"politics","privacy":"privacy","product-management":"product-management","productivity":"productivity","programming
":"programming","psychedelics":"psychedelics","psychology":"psychology","race":"race","relationships":"relationships","religion":"religion","remote-work":"remote-work","san-francisco":"san-francisco","science":"science","self":"self","self-driving-cars":"self-driving-cars","sexuality":"sexuality","social-media":"social-media","society":"society","software-engineering":"software-engineering","space":"space","spirituality":"spirituality","sports":"sports","startups":"startup","style":"style","technology":"technology","transportation":"transportation","travel":"travel","true-crime":"true-crime","tv":"tv","ux":"ux","venture-capital":"venture-capital","visual-design":"visual-design","work":"work","world":"world","writing":"writing"},"defaultImages":{"avatar":{"imageId":"1*dmbNkD5D-u45r44go_cf0g.png","height":150,"width":150},"orgLogo":{"imageId":"1*OMF3fSqH8t4xBJ9-6oZDZw.png","height":106,"width":545},"postLogo":{"imageId":"1*kFrc4tBFM_tCis-2Ic87WA.png","height":810,"width":1440},"postPreviewImage":{"imageId":"1*hn4v1tCaJy7cWMyb0bpNpQ.png","height":386,"width":579}},"collectionStructuredData":{"8d6b8a439e32":{"name":"Elemental","data":{"@type":"NewsMediaOrganization","ethicsPolicy":"https:\u002F\u002Fhelp.medium.com\u002Fhc\u002Fen-us\u002Farticles\u002F360043290473","logo":{"@type":"ImageObject","url":"https:\u002F\u002Fcdn-images-1.medium.com\u002Fmax\u002F980\u002F1*9ygdqoKprhwuTVKUM0DLPA@2x.png","width":980,"height":159}}},"3f6ecf56618":{"name":"Forge","data":{"@type":"NewsMediaOrganization","ethicsPolicy":"https:\u002F\u002Fhelp.medium.com\u002Fhc\u002Fen-us\u002Farticles\u002F360043290473","logo":{"@type":"ImageObject","url":"https:\u002F\u002Fcdn-images-1.medium.com\u002Fmax\u002F596\u002F1*uULpIlImcO5TDuBZ6lm7Lg@2x.png","width":596,"height":183}}},"ae2a65f35510":{"name":"GEN","data":{"@type":"NewsMediaOrganization","ethicsPolicy":"https:\u002F\u002Fhelp.medium.com\u002Fhc\u002Fen-us\u002Farticles\u002F360043290473","logo":{"@type":"ImageObject","url":"https:\u002
F\u002Fmiro.medium.com\u002Fmax\u002F264\u002F1*RdVZMdvfV3YiZTw6mX7yWA.png","width":264,"height":140}}},"88d9857e584e":{"name":"LEVEL","data":{"@type":"NewsMediaOrganization","ethicsPolicy":"https:\u002F\u002Fhelp.medium.com\u002Fhc\u002Fen-us\u002Farticles\u002F360043290473","logo":{"@type":"ImageObject","url":"https:\u002F\u002Fmiro.medium.com\u002Fmax\u002F540\u002F1*JqYMhNX6KNNb2UlqGqO2WQ.png","width":540,"height":108}}},"7b6769f2748b":{"name":"Marker","data":{"@type":"NewsMediaOrganization","ethicsPolicy":"https:\u002F\u002Fhelp.medium.com\u002Fhc\u002Fen-us\u002Farticles\u002F360043290473","logo":{"@type":"ImageObject","url":"https:\u002F\u002Fcdn-images-1.medium.com\u002Fmax\u002F383\u002F1*haCUs0wF6TgOOvfoY-jEoQ@2x.png","width":383,"height":92}}},"444d13b52878":{"name":"OneZero","data":{"@type":"NewsMediaOrganization","ethicsPolicy":"https:\u002F\u002Fhelp.medium.com\u002Fhc\u002Fen-us\u002Farticles\u002F360043290473","logo":{"@type":"ImageObject","url":"https:\u002F\u002Fmiro.medium.com\u002Fmax\u002F540\u002F1*cw32fIqCbRWzwJaoQw6BUg.png","width":540,"height":123}}},"8ccfed20cbb2":{"name":"Zora","data":{"@type":"NewsMediaOrganization","ethicsPolicy":"https:\u002F\u002Fhelp.medium.com\u002Fhc\u002Fen-us\u002Farticles\u002F360043290473","logo":{"@type":"ImageObject","url":"https:\u002F\u002Fmiro.medium.com\u002Fmax\u002F540\u002F1*tZUQqRcCCZDXjjiZ4bDvgQ.png","width":540,"height":106}}}},"embeddedPostIds":{"coronavirus":"cd3010f9d81f"},"sharedCdcMessaging":{"COVID_APPLICABLE_TAG_SLUGS":[],"COVID_APPLICABLE_TOPIC_NAMES":[],"COVID_APPLICABLE_TOPIC_NAMES_FOR_TOPIC_PAGE":[],"COVID_MESSAGES":{"tierA":{"text":"For more information on the novel coronavirus and Covid-19, visit cdc.gov.","markups":[{"start":66,"end":73,"href":"https:\u002F\u002Fwww.cdc.gov\u002Fcoronavirus\u002F2019-nCoV"}]},"tierB":{"text":"Anyone can publish on Medium per our Policies, but we don’t fact-check every story. 
For more info about the coronavirus, see cdc.gov.","markups":[{"start":37,"end":45,"href":"https:\u002F\u002Fhelp.medium.com\u002Fhc\u002Fen-us\u002Fcategories\u002F201931128-Policies-Safety"},{"start":125,"end":132,"href":"https:\u002F\u002Fwww.cdc.gov\u002Fcoronavirus\u002F2019-nCoV"}]},"paywall":{"text":"This article has been made free for everyone, thanks to Medium Members. For more information on the novel coronavirus and Covid-19, visit cdc.gov.","markups":[{"start":56,"end":70,"href":"https:\u002F\u002Fmedium.com\u002Fmembership"},{"start":138,"end":145,"href":"https:\u002F\u002Fwww.cdc.gov\u002Fcoronavirus\u002F2019-nCoV"}]},"unbound":{"text":"This article is free for everyone, thanks to Medium Members. For more information on the novel coronavirus and Covid-19, visit cdc.gov.","markups":[{"start":45,"end":59,"href":"https:\u002F\u002Fmedium.com\u002Fmembership"},{"start":127,"end":134,"href":"https:\u002F\u002Fwww.cdc.gov\u002Fcoronavirus\u002F2019-nCoV"}]}},"COVID_BANNER_POST_ID_OVERRIDE_WHITELIST":["3b31a67bff4a"]},"sharedVoteMessaging":{"TAGS":["politics","election-2020","government","us-politics","election","2020-presidential-race","trump","donald-trump","democrats","republicans","congress","republican-party","democratic-party","biden","joe-biden","maga"],"TOPICS":["politics","election"],"MESSAGE":{"text":"Find out more about the U.S. 
election results here.","markups":[{"start":46,"end":50,"href":"https:\u002F\u002Fcookpolitical.com\u002F2020-national-popular-vote-tracker"}]},"EXCLUDE_POSTS":["397ef29e3ca5"]},"embedPostRules":[],"recircOptions":{"v1":{"limit":3},"v2":{"limit":8}},"braintreeClientKey":"production_zjkj96jm_m56f8fqpf7ngnrd4","braintree":{"enabled":true,"merchantId":"m56f8fqpf7ngnrd4","merchantAccountId":{"usd":"AMediumCorporation_instant","eur":"amediumcorporation_EUR","cad":"amediumcorporation_CAD"},"publicKey":"ds2nn34bg2z7j5gd","braintreeEnvironment":"production","dashboardUrl":"https:\u002F\u002Fwww.braintreegateway.com\u002Fmerchants","gracePeriodDurationInDays":14,"mediumMembershipPlanId":{"monthly":"ce105f8c57a3","monthlyWithTrial":"d5ee3dbe3db8","yearly":"a40ad4a43185","yearlyStaff":"d74fb811198a","yearlyWithTrial":"b3bc7350e5c7","monthlyCad":"p52orjkaceei","yearlyCad":"h4q9g2up9ktt"},"braintreeDiscountId":{"oneMonthFree":"MONTHS_FREE_01","threeMonthsFree":"MONTHS_FREE_03","sixMonthsFree":"MONTHS_FREE_06"},"3DSecureVersion":"2","defaultCurrency":"usd","providerPlanIdCurrency":{"4ycw":"usd","rz3b":"usd","3kqm":"usd","jzw6":"usd","c2q2":"usd","nnsw":"usd","fx7w":"cad","nwf2":"cad"}},"paypalClientId":"AXj1G4fotC2GE8KzWX9mSxCH1wmPE3nJglf4Z2ig_amnhvlMVX87otaq58niAg9iuLktVNF_1WCMnN7v","paypal":{"host":"https:\u002F\u002Fapi.paypal.com:443","clientMode":"production","serverMode":"live","webhookId":"4G466076A0294510S","monthlyPlan":{"planId":"P-9WR0658853113943TMU5FDQA","name":"Medium Membership (Monthly) with setup fee","description":"Unlimited access to the best and brightest stories on Medium. Membership billed monthly."},"yearlyPlan":{"planId":"P-7N8963881P8875835MU5JOPQ","name":"Medium Membership (Annual) with setup fee","description":"Unlimited access to the best and brightest stories on Medium. Membership billed annually."},"oneYearGift":{"name":"Medium Membership (1 Year, Digital Gift Code)","description":"Unlimited access to the best and brightest stories on Medium. 
Gift codes can be redeemed at medium.com\u002Fredeem.","price":"50.00","currency":"USD","sku":"membership-gift-1-yr"},"oldMonthlyPlan":{"planId":"P-96U02458LM656772MJZUVH2Y","name":"Medium Membership (Monthly)","description":"Unlimited access to the best and brightest stories on Medium. Membership billed monthly."},"oldYearlyPlan":{"planId":"P-59P80963JF186412JJZU3SMI","name":"Medium Membership (Annual)","description":"Unlimited access to the best and brightest stories on Medium. Membership billed annually."},"monthlyPlanWithTrial":{"planId":"P-66C21969LR178604GJPVKUKY","name":"Medium Membership (Monthly) with setup fee","description":"Unlimited access to the best and brightest stories on Medium. Membership billed monthly."},"yearlyPlanWithTrial":{"planId":"P-6XW32684EX226940VKCT2MFA","name":"Medium Membership (Annual) with setup fee","description":"Unlimited access to the best and brightest stories on Medium. Membership billed annually."},"oldMonthlyPlanNoSetupFee":{"planId":"P-4N046520HR188054PCJC7LJI","name":"Medium Membership (Monthly)","description":"Unlimited access to the best and brightest stories on Medium. Membership billed monthly."},"oldYearlyPlanNoSetupFee":{"planId":"P-7A4913502Y5181304CJEJMXQ","name":"Medium Membership (Annual)","description":"Unlimited access to the best and brightest stories on Medium. 
Membership billed annually."},"sdkUrl":"https:\u002F\u002Fwww.paypal.com\u002Fsdk\u002Fjs"},"stripePublishableKey":"pk_live_7FReX44VnNIInZwrIIx6ghjl","log":{"json":true,"level":"info"}},"session":{"xsrf":""}}</script><script>window.__APOLLO_STATE__ = {"ROOT_QUERY":{"__typename":"Query","viewer":null,"variantFlags":[{"__typename":"VariantFlag","name":"enable_digest_tagline","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_filter_by_resend_rules","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_homepage_reading_list","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_legacy_feed_in_iceland","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_tribute_landing_page","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"ios_social_share_sheet","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"author_under_quota_fair_distribution","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_group_gifting","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_lite_pub_homepage_for_selected_domains","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_reply_to_email","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"ios_iceland_nux","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_digest_generation_pipeline","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"redefined_top_posts","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"al
low_access","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_pp_dashboard_referred_earnings","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_import","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"posts_under_quota_fair_distribution","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_new_three_dot_menu","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_lite_topics","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_author_cards_byline","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_apple_sign_in","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_pill_based_home_feed","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"ios_in_app_free_trial","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_tick_landing_page","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"textshots_userid","valueType":{"__typename":"VariantFlagString","value":""}},{"__typename":"VariantFlag","name":"enable_app_flirty_thirty","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_recirc_reboot_lo","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_highlander_member_digest","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_new_member_welcome_email_enhancement","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"android_tw
o_hour_refresh","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_evhead_com_to_ev_medium_com_redirect","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_signup_friction","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_tag_recs","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_aurora_about_page_routing","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_author_cards","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_fdh_hybrid_fallback","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_braintree_integration","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"coronavirus_topic_recirc","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_seamless_social_sharing","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_braintree_paypal","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_branch_text_me_the_app","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_rito_upstream_deadlines","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"available_annual_plan","valueType":{"__typename":"VariantFlagString","value":"2c754bcc2995"}},{"__typename":"VariantFlag","name":"enable_starspace","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_updated_follower_email","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag
","name":"provider_for_credit_card_form","valueType":{"__typename":"VariantFlagString","value":"BRAINTREE"}},{"__typename":"VariantFlag","name":"enable_hightower_user_bonus","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_li_homepage_write_cta","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_lite_homepage","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_google_webhook","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_braintree_apple_pay","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_medium2_kbfd","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"ios_enable_lock_responses","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_paywall_conversions_for_referred_members","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_triton_recirc","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_ios_autorefresh","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_ml_rank_rex_anno","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"limit_post_referrers","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"allow_signup","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_email_sign_in_captcha","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_in_context_sharing","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag",
"name":"unhide_mobile_ctas","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_mobile_web_editor_redirect_route","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_trumpland_landing_page","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_google_one_tap","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_lite_server_upstream_deadlines","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"disable_mobile_featured_chunk","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_more_for_you","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"author_fair_distribution_non_qp3","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_referred_memberships","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"signin_services","valueType":{"__typename":"VariantFlagString","value":"twitter,facebook,google,email,google-fastidv,google-one-tap,apple"}},{"__typename":"VariantFlag","name":"ios_display_paywall_after_onboarding","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"available_monthly_plan","valueType":{"__typename":"VariantFlagString","value":"60e220181034"}},{"__typename":"VariantFlag","name":"enable_lite_continue_this_thread","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"skip_sign_in_recaptcha","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"author_fair_distribution_non_qp","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_branc
h_io","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_post_page_write_cta","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_newsletter_lo_flow_custom_domains","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"limit_user_follows","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"allow_test_auth","valueType":{"__typename":"VariantFlagString","value":"disallow"}},{"__typename":"VariantFlag","name":"pub_sidebar","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_referred_memberships_custom_messaging","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_updated_new_user_onboarding","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_creator_welcome_email","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_expanded_feature_chunk_pool","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_footer_app_buttons","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_twitter_auth_suggestions","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"browsable_stream_config_bucket","valueType":{"__typename":"VariantFlagString","value":"curated-topics"}},{"__typename":"VariantFlag","name":"enable_post_settings_screen","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_subscriber_stats_referred","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"disable_partner_program_enrollment","valueType":{"__typename":"VariantFlagBoolean","v
alue":true}},{"__typename":"VariantFlag","name":"enable_aurora_tag_page_routing","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_hot_topics","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_aurora_nav","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_braintree_client","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_lite_response_markup","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_updated_new_member_email","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"show_pp_awareness_banner","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_braintree_google_pay","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_speechify_widget","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_creator_about_editor","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_iceland_forced_android","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_aurora_pub_follower_page","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_automod","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_marketing_emails","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_hot_topics_v2","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_auto_follow_on_subscribe","valueType":{"__typename":"VariantFlagBoolean","value":
true}},{"__typename":"VariantFlag","name":"enable_annual_renewal_reminder_email","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"glyph_font_set","valueType":{"__typename":"VariantFlagString","value":"m2-unbound"}},{"__typename":"VariantFlag","name":"skip_fs_cache_user_vals","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"ios_enable_home_post_menu","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"signup_services","valueType":{"__typename":"VariantFlagString","value":"twitter,facebook,google,email,google-fastidv,google-one-tap,apple"}},{"__typename":"VariantFlag","name":"enable_apple_webhook","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_braintree_trial_membership","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"covid_19_cdc_banner","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_rex_reading_history","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_braintree_webhook","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_custom_domain_v2_settings","valueType":{"__typename":"VariantFlagBoolean","value":true}},{"__typename":"VariantFlag","name":"enable_mute","valueType":{"__typename":"VariantFlagBoolean","value":true}}],"collectionByDomainOrSlug({\"domainOrSlug\":\"doublepulsar.com\"})":{"__ref":"Collection:8343faddf0ec"},"postResult({\"id\":\"54b078f1a896\"})":{"__ref":"Post:54b078f1a896"},"recirc({\"paging\":{\"limit\":4},\"postId\":\"54b078f1a896\"})":{"__typename":"RexRecircResult","items":[{"__typename":"RexRecircItem","post":{"__ref":"Post:7cd46b2de1a7"},"feedId":"4cdc6c3e-548a-48e6-aa8d-c07026a79ee0"},{"__typename":"RexRecircItem","post":{"__ref":"Po
st:9cefcc421ed4"},"feedId":"4cdc6c3e-548a-48e6-aa8d-c07026a79ee0"},{"__typename":"RexRecircItem","post":{"__ref":"Post:d2cf8f1724c3"},"feedId":"4cdc6c3e-548a-48e6-aa8d-c07026a79ee0"},{"__typename":"RexRecircItem","post":{"__ref":"Post:2ceedb2981fa"},"feedId":"4cdc6c3e-548a-48e6-aa8d-c07026a79ee0"}]},"user({\"id\":\"7db6d2df42a6\"})":{"__ref":"User:7db6d2df42a6"},"userResult({\"id\":\"7db6d2df42a6\"})":{"__ref":"User:7db6d2df42a6"}},"ImageMetadata:1*euFkwA7zJWm-l7aDoNtJrw.jpeg":{"id":"1*euFkwA7zJWm-l7aDoNtJrw.jpeg","__typename":"ImageMetadata"},"Collection:8343faddf0ec":{"id":"8343faddf0ec","__typename":"Collection","favicon":{"__ref":"ImageMetadata:1*euFkwA7zJWm-l7aDoNtJrw.jpeg"},"customStyleSheet":null,"colorPalette":{"__typename":"ColorPalette","highlightSpectrum":{"__typename":"ColorSpectrum","backgroundColor":"#FFFFFFFF","colorPoints":[{"__typename":"ColorPoint","color":"#FFF7F1F0","point":0},{"__typename":"ColorPoint","color":"#FFF5EFEE","point":0.1},{"__typename":"ColorPoint","color":"#FFF3EDEC","point":0.2},{"__typename":"ColorPoint","color":"#FFF2EBEA","point":0.3},{"__typename":"ColorPoint","color":"#FFF0E9E8","point":0.4},{"__typename":"ColorPoint","color":"#FFEFE7E6","point":0.5},{"__typename":"ColorPoint","color":"#FFEDE5E4","point":0.6},{"__typename":"ColorPoint","color":"#FFECE3E2","point":0.7},{"__typename":"ColorPoint","color":"#FFEAE1E0","point":0.8},{"__typename":"ColorPoint","color":"#FFE8DFDE","point":0.9},{"__typename":"ColorPoint","color":"#FFE7DDDC","point":1}]},"defaultBackgroundSpectrum":{"__typename":"ColorSpectrum","backgroundColor":"#FFFFFFFF","colorPoints":[{"__typename":"ColorPoint","color":"#FF8B8281","point":0},{"__typename":"ColorPoint","color":"#FF817978","point":0.1},{"__typename":"ColorPoint","color":"#FF77706F","point":0.2},{"__typename":"ColorPoint","color":"#FF6D6666","point":0.3},{"__typename":"ColorPoint","color":"#FF635D5C","point":0.4},{"__typename":"ColorPoint","color":"#FF585352","point":0.5},{"__typename":"ColorPoint","c
olor":"#FF4D4848","point":0.6},{"__typename":"ColorPoint","color":"#FF413E3D","point":0.7},{"__typename":"ColorPoint","color":"#FF353232","point":0.8},{"__typename":"ColorPoint","color":"#FF292626","point":0.9},{"__typename":"ColorPoint","color":"#FF1B1919","point":1}]},"tintBackgroundSpectrum":{"__typename":"ColorSpectrum","backgroundColor":"#FFEFE3E2","colorPoints":[{"__typename":"ColorPoint","color":"#FFEFE3E2","point":0},{"__typename":"ColorPoint","color":"#FFDED2D1","point":0.1},{"__typename":"ColorPoint","color":"#FFCDC1C0","point":0.2},{"__typename":"ColorPoint","color":"#FFBBB0AF","point":0.3},{"__typename":"ColorPoint","color":"#FFA89E9D","point":0.4},{"__typename":"ColorPoint","color":"#FF958C8B","point":0.5},{"__typename":"ColorPoint","color":"#FF827978","point":0.6},{"__typename":"ColorPoint","color":"#FF6D6564","point":0.7},{"__typename":"ColorPoint","color":"#FF584F4F","point":0.8},{"__typename":"ColorPoint","color":"#FF403938","point":0.9},{"__typename":"ColorPoint","color":"#FF261F1F","point":1}]}},"slug":"doublepulsar","name":"DoublePulsar","domain":"doublepulsar.com","googleAnalyticsId":null,"newsletterV3":{"__ref":"NewsletterV3:bf3adc545c1c"},"avatar":{"__ref":"ImageMetadata:1*euFkwA7zJWm-l7aDoNtJrw.jpeg"},"isAuroraVisible":false,"legacyHeaderBackgroundImage":{"__ref":"ImageMetadata:1*CbguYeeg5qITUz7PmgrFFA.jpeg"},"navItems":[{"__typename":"NavItem","tagSlug":null,"title":"Cybersecurity News","url":"https:\u002F\u002Fdoublepulsar.com\u002Farchive"},{"__typename":"NavItem","tagSlug":null,"title":"Ransomware Threats","url":"https:\u002F\u002Fdoublepulsar.com\u002Fransomware\u002Fhome"},{"__typename":"NavItem","tagSlug":null,"title":"Threat 
Honeypots","url":"https:\u002F\u002Fdoublepulsar.com\u002Fcybersecurity-threat-honeypots\u002Fhome"},{"__typename":"NavItem","tagSlug":null,"title":"Contact","url":"https:\u002F\u002Fdoublepulsar.com\u002Fabout"},{"__typename":"NavItem","tagSlug":null,"title":"Newsletter","url":"https:\u002F\u002Fmedium.com\u002Fdoublepulsar\u002Fnewsletters\u002Fdoublepulsar-cybersecurity-threat-intelligence"}],"logo":{"__ref":"ImageMetadata:1*bry5HIDtIpONm_IDzSVYWA.jpeg"},"subscriberCount":7168,"twitterUsername":"GossiTheDog","facebookPageId":null,"creator":{"__ref":"User:7db6d2df42a6"},"customDomainState":{"__typename":"CustomDomainState","live":{"__typename":"CustomDomain","status":"ACTIVE","isSubdomain":false}},"ptsQualifiedAt":1616092935310,"description":"Cybersecurity from the trenches, written by Kevin Beaumont. Opinions are of the author alone, not their employer.","isAuroraEligible":false,"viewerEdge":{"__ref":"CollectionViewerEdge:collectionId:8343faddf0ec-viewerId:lo_9b52e2fa2c9e"}},"CustomStyleSheet:1f0f3e90d179":{"id":"1f0f3e90d179","__typename":"CustomStyleSheet","blogroll":{"__typename":"BlogrollConfiguration","visibility":"BLOGROLL_VISIBILITY_SIDEBAR"},"global":{"__typename":"GlobalStyles","colorPalette":null,"fonts":{"__typename":"StyleSheetFonts","font1":{"__typename":"StyleSheetFont","name":"SERIF_1"},"font2":{"__typename":"StyleSheetFont","name":"SANS_SERIF_1"},"font3":{"__typename":"StyleSheetFont","name":"SERIF_2"}}},"header":{"__typename":"HeaderStyles","headerScale":"HEADER_SCALE_MEDIUM","backgroundImageDisplayMode":"IMAGE_DISPLAY_MODE_FILL","backgroundImageVerticalAlignment":"START","backgroundColorDisplayMode":"COLOR_DISPLAY_MODE_VERTICAL_GRADIENT","backgroundColor":{"__typename":"ColorValue","alpha":"ff","rgb":"1f44bb","colorPalette":{"__typename":"ColorPalette","tintBackgroundSpectrum":{"__typename":"ColorSpectrum","backgroundColor":"#FF1f44bb","colorPoints":[{"__typename":"ColorPoint","color":"#FF1F44BB","point":0},{"__typename":"ColorPoint","color":"#F
F395EC5","point":0.1},{"__typename":"ColorPoint","color":"#FF5174CF","point":0.2},{"__typename":"ColorPoint","color":"#FF6888D9","point":0.3},{"__typename":"ColorPoint","color":"#FF7E9BE3","point":0.4},{"__typename":"ColorPoint","color":"#FF93ADED","point":0.5},{"__typename":"ColorPoint","color":"#FFA8BFF6","point":0.6},{"__typename":"ColorPoint","color":"#FFBDD0FE","point":0.7},{"__typename":"ColorPoint","color":"#FFD1E0FF","point":0.8},{"__typename":"ColorPoint","color":"#FFE4F0FF","point":0.9},{"__typename":"ColorPoint","color":"#FFF8FFFF","point":1}]}}},"secondaryBackgroundColor":null,"postBackgroundColor":{"__typename":"ColorValue","rgb":"5971bd","alpha":"ff","colorPalette":{"__typename":"ColorPalette","tintBackgroundSpectrum":{"__typename":"ColorSpectrum","backgroundColor":"#FF5971bd","colorPoints":[{"__typename":"ColorPoint","color":"#FF5971BD","point":0},{"__typename":"ColorPoint","color":"#FF6B81C7","point":0.1},{"__typename":"ColorPoint","color":"#FF7C91D0","point":0.2},{"__typename":"ColorPoint","color":"#FF8DA0D9","point":0.3},{"__typename":"ColorPoint","color":"#FF9DAFE2","point":0.4},{"__typename":"ColorPoint","color":"#FFAEBDEA","point":0.5},{"__typename":"ColorPoint","color":"#FFBECAF2","point":0.6},{"__typename":"ColorPoint","color":"#FFCDD8F9","point":0.7},{"__typename":"ColorPoint","color":"#FFDDE5FF","point":0.8},{"__typename":"ColorPoint","color":"#FFECF2FF","point":0.9},{"__typename":"ColorPoint","color":"#FFFBFFFF","point":1}]}}},"backgroundImage":null,"logoImage":null,"appNameColor":null,"appNameTreatment":"NAME_TREATMENT_TEXT","nameTreatment":"NAME_TREATMENT_TEXT","horizontalAlignment":"START","nameColor":{"__typename":"ColorValue","rgb":"0b0b0b","alpha":"ff"},"postNameTreatment":"NAME_TREATMENT_LOGO","logoScale":"HEADER_SCALE_LARGE","taglineColor":null,"taglineTreatment":"TAGLINE_TREATMENT_SIDEBAR"},"navigation":null},"UserViewerEdge:userId:7db6d2df42a6-viewerId:lo_9b52e2fa2c9e":{"id":"userId:7db6d2df42a6-viewerId:lo_9b52e2fa2c9e","__typena
me":"UserViewerEdge","isFollowing":false,"isUser":false},"NewsletterV3:b4bad6c46577":{"id":"b4bad6c46577","__typename":"NewsletterV3","type":"NEWSLETTER_TYPE_AUTHOR","slug":"7db6d2df42a6","name":"7db6d2df42a6","collection":null,"user":{"__ref":"User:7db6d2df42a6"},"description":"","promoHeadline":"","promoBody":"","showPromo":false,"subscribersCount":13},"User:7db6d2df42a6":{"id":"7db6d2df42a6","__typename":"User","name":"Kevin Beaumont","username":"networksecurity","newsletterV3":{"__ref":"NewsletterV3:b4bad6c46577"},"imageId":"1*TPJ3sVZRlcq-rj72g82bAg@2x.jpeg","socialStats":{"__typename":"SocialStats","followerCount":3104,"followingCount":90,"collectionFollowingCount":7},"customStyleSheet":{"__ref":"CustomStyleSheet:1f0f3e90d179"},"bio":"Everything here is my personal work and opinions.","isPartnerProgramEnrolled":true,"viewerEdge":{"__ref":"UserViewerEdge:userId:7db6d2df42a6-viewerId:lo_9b52e2fa2c9e"},"viewerIsUser":false,"customDomainState":null,"hasSubdomain":false,"postSubscribeMembershipUpsellShownAt":0,"isSuspended":false,"about":"","homepagePostsConnection({\"paging\":{\"limit\":1}})":{"__typename":"PostConnection","posts":[{"__ref":"Post:54b078f1a896"}]},"mediumMemberAt":0,"allowNotes":true,"twitterScreenName":"","referredMembershipCustomHeadline":"","referredMembershipCustomBody":"","isAuroraVisible":true,"atsQualifiedAt":1625420954794,"followersUserConnection({\"paging\":{\"limit\":10}})":{"__typename":"UserConnection","users":[{"__ref":"User:10461b8c86ef"},{"__ref":"User:106b58b5a19b"},{"__ref":"User:108093fb25ff"},{"__ref":"User:108994eb3352"},{"__ref":"User:10b1b357a15d"},{"__ref":"User:10b1be56d734"},{"__ref":"User:10cb72175e53"},{"__ref":"User:10d184b80914"},{"__ref":"User:10de2a453240"},{"__ref":"User:10ec36631bef"}],"pagingInfo":{"__typename":"Paging","next":{"__typename":"PageParams","to":null,"from":"10ec36631bef","limit":10}}}},"Post:54b078f1a896":{"id":"54b078f1a896","__typename":"Post","firstPublishedAt":1651937770628,"visibility":"LOCKED","c
reator":{"__ref":"User:7db6d2df42a6"},"canonicalUrl":"","collection":{"__ref":"Collection:8343faddf0ec"},"content({\"postMeteringOptions\":null})":{"__typename":"PostContent","isLockedPreviewOnly":false,"validatedShareKey":"","bodyModel":{"__typename":"RichText","paragraphs":[{"__ref":"Paragraph:5ab15006daf6_0"},{"__ref":"Paragraph:5ab15006daf6_1"},{"__ref":"Paragraph:5ab15006daf6_2"},{"__ref":"Paragraph:5ab15006daf6_3"},{"__ref":"Paragraph:5ab15006daf6_4"},{"__ref":"Paragraph:5ab15006daf6_5"},{"__ref":"Paragraph:5ab15006daf6_6"},{"__ref":"Paragraph:5ab15006daf6_7"},{"__ref":"Paragraph:5ab15006daf6_8"},{"__ref":"Paragraph:5ab15006daf6_9"},{"__ref":"Paragraph:5ab15006daf6_10"},{"__ref":"Paragraph:5ab15006daf6_11"},{"__ref":"Paragraph:5ab15006daf6_12"},{"__ref":"Paragraph:5ab15006daf6_13"},{"__ref":"Paragraph:5ab15006daf6_14"},{"__ref":"Paragraph:5ab15006daf6_15"},{"__ref":"Paragraph:5ab15006daf6_16"},{"__ref":"Paragraph:5ab15006daf6_17"},{"__ref":"Paragraph:5ab15006daf6_18"},{"__ref":"Paragraph:5ab15006daf6_19"},{"__ref":"Paragraph:5ab15006daf6_20"},{"__ref":"Paragraph:5ab15006daf6_21"},{"__ref":"Paragraph:5ab15006daf6_22"},{"__ref":"Paragraph:5ab15006daf6_23"},{"__ref":"Paragraph:5ab15006daf6_24"},{"__ref":"Paragraph:5ab15006daf6_25"},{"__ref":"Paragraph:5ab15006daf6_26"},{"__ref":"Paragraph:5ab15006daf6_27"}],"sections":[{"__typename":"Section","name":"4d5c","startIndex":0,"textLayout":null,"imageLayout":null,"backgroundImage":null,"videoLayout":null,"backgroundVideo":null}]}},"customStyleSheet":null,"isPublished":true,"isLocked":true,"license":"ALL_RIGHTS_RESERVED","isMarkedPaywallOnly":false,"mediumUrl":"https:\u002F\u002Fdoublepulsar.com\u002Fbpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896","allowResponses":true,"postResponses":{"__typename":"PostResponses","count":1},"isLimitedState":false,"isNewsletter":false,"layerCake":3,"tags":[{"__ref":"Tag:bpfdoor"},{"__ref":"Tag:cybersecurity"}],"topics":[{"__typename":"Topic","name":"Cybersecurity"}],"is
Series":false,"sequence":null,"uniqueSlug":"bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896","primaryTopic":{"__ref":"Topic:d4e7f4144ac5"},"socialTitle":"","socialDek":"","noIndex":null,"curationStatus":"CURATION_STATUS_DISTRIBUTED","metaDescription":"","latestPublishedAt":1651938626307,"readingTime":2.406603773584906,"previewContent":{"__typename":"PreviewContent","subtitle":"Recently, PwC Threat Intelligence documented the existence of BPFDoor, a passive network implant for Linux they attribute to Red Menshen…"},"previewImage":{"__ref":"ImageMetadata:1*IXT0IHLg56KOuzwIEsAKfA.png"},"isShortform":false,"isSuspended":false,"responseRootPost":{"__typename":"ResponseRootPost","post":{"__ref":"Post:54b078f1a896"}},"lockedSource":"LOCKED_POST_SOURCE_UGC","clapCount":24,"statusForCollection":"APPROVED","pendingCollection":null,"title":"BPFDoor — an active Chinese global surveillance tool","inResponseToEntityType":null,"seoTitle":"","updatedAt":1651938635783,"shortformType":"SHORTFORM_TYPE_LINK","seoDescription":"","isIndexable":true,"pinnedAt":0,"internalLinks({\"paging\":{\"limit\":8}})":{"__typename":"InternalLinksConnection","items":[]},"pinnedByCreatorAt":0,"curationEligibleAt":1651937769051,"responseDistribution":"NOT_DISTRIBUTED","inResponseToPostResult":null,"inResponseToCatalogResult":null,"latestPublishedVersion":"5ab15006daf6","isAuthorNewsletter":true,"voterCount":5,"recommenders":[]},"NewsletterV3:bf3adc545c1c":{"id":"bf3adc545c1c","__typename":"NewsletterV3","slug":"doublepulsar-cybersecurity-threat-intelligence","name":"DoublePulsar Cybersecurity Threat Intelligence","description":"Threat Intelligence, from porgs, direct to your email 
box.","promoHeadline":"","promoBody":"","collection":{"__ref":"Collection:8343faddf0ec"},"type":"NEWSLETTER_TYPE_COLLECTION","user":{"__ref":"User:7db6d2df42a6"},"showPromo":true},"ImageMetadata:1*CbguYeeg5qITUz7PmgrFFA.jpeg":{"id":"1*CbguYeeg5qITUz7PmgrFFA.jpeg","__typename":"ImageMetadata","originalWidth":1200,"focusPercentX":58.214285714285715,"focusPercentY":86.85714285714286},"ImageMetadata:1*bry5HIDtIpONm_IDzSVYWA.jpeg":{"id":"1*bry5HIDtIpONm_IDzSVYWA.jpeg","__typename":"ImageMetadata","originalHeight":349,"originalWidth":794},"Paragraph:5ab15006daf6_0":{"id":"5ab15006daf6_0","__typename":"Paragraph","name":"68b0","text":"BPFDoor — an active Chinese global surveillance tool","type":"H3","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[]},"Paragraph:5ab15006daf6_1":{"id":"5ab15006daf6_1","__typename":"Paragraph","name":"b586","text":"Recently, PwC Threat Intelligence documented the existence of BPFDoor, a passive network implant for Linux they attribute to Red Menshen, a Chinese threat actor group.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[]},"Paragraph:5ab15006daf6_2":{"id":"5ab15006daf6_2","__typename":"Paragraph","name":"353d","text":"","type":"IMG","href":null,"layout":"INSET_CENTER","metadata":{"__ref":"ImageMetadata:0*Su8mxpojVBSA5vu5"},"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[]},"Paragraph:5ab15006daf6_3":{"id":"5ab15006daf6_3","__typename":"Paragraph","name":"0d2f","text":"You can read more in PwC’s great, yearly threat intelligence brief, 
here.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":68,"end":72,"href":"https:\u002F\u002Fwww.pwc.com\u002Fgx\u002Fen\u002Fissues\u002Fcybersecurity\u002Fcyber-threat-intelligence\u002Fcyber-year-in-retrospect\u002Fyir-cyber-threats-report-download.pdf","anchorType":"LINK","userId":null,"linkMetadata":null}]},"Paragraph:5ab15006daf6_4":{"id":"5ab15006daf6_4","__typename":"Paragraph","name":"65c5","text":"PwC plan to present their findings in June:","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[]},"Paragraph:5ab15006daf6_5":{"id":"5ab15006daf6_5","__typename":"Paragraph","name":"fa5b","text":"","type":"IFRAME","href":null,"layout":"INSET_CENTER","metadata":null,"hasDropCap":null,"iframe":{"__typename":"Iframe","mediaResource":{"__ref":"MediaResource:86beb9a1d5198a3383c114c46be9ffcf"}},"mixtapeMetadata":null,"dropCapImage":null,"markups":[]},"Paragraph:5ab15006daf6_6":{"id":"5ab15006daf6_6","__typename":"Paragraph","name":"4462","text":"BPFDoor is interesting. It allows a threat actor to backdoor a system for remote code execution, without opening any new network ports or firewall rules. For example, if a webapp exists on port 443, it can listen and react on the existing port 443, and the implant can be reached over the webapp port (even with the webapp running). 
This is because it uses a BPF packet filter.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":true,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[]},"Paragraph:5ab15006daf6_7":{"id":"5ab15006daf6_7","__typename":"Paragraph","name":"3b9e","text":"","type":"IMG","href":null,"layout":"INSET_CENTER","metadata":{"__ref":"ImageMetadata:1*IXT0IHLg56KOuzwIEsAKfA.png"},"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[]},"Paragraph:5ab15006daf6_8":{"id":"5ab15006daf6_8","__typename":"Paragraph","name":"0001","text":"Operators have access to a tool which allows communication to the implants, using a password, which allows features such as remotely executing commands. This works over internal and internet networks.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[]},"Paragraph:5ab15006daf6_9":{"id":"5ab15006daf6_9","__typename":"Paragraph","name":"b095","text":"Because BPFDoor doesn’t open any inbound network ports, doesn’t use an outbound C2, and it renames its own process in Linux (so ps aux, for example, will show a friendly name) it is highly evasive.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[]},"Paragraph:5ab15006daf6_10":{"id":"5ab15006daf6_10","__typename":"Paragraph","name":"623c","text":"I swept the internet for BPFDoor throughout 2021, and discovered it is installed at organisations across the globe — in particular the US, South Korea, Hong Kong, Turkey, India, Viet Nam and Myanmar, and is highly evasive. 
These organisations include government systems, postal and logistic systems, education systems and more.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[]},"Paragraph:5ab15006daf6_11":{"id":"5ab15006daf6_11","__typename":"Paragraph","name":"5756","text":"Inside those organisations I believe it is likely present on thousands of systems. The implant appears to be for surveillance purposes.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[]},"Paragraph:5ab15006daf6_12":{"id":"5ab15006daf6_12","__typename":"Paragraph","name":"8dcf","text":"Per PwC:","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[]},"Paragraph:5ab15006daf6_13":{"id":"5ab15006daf6_13","__typename":"Paragraph","name":"db07","text":"We also identified that the threat actor sends commands to BPFDoor victims via Virtual Private Servers (VPSs) hosted at a well-known provider, and that these VPSs, in turn, are administered via compromised routers based in Taiwan, which the threat actor uses as VPN tunnels. Most Red Menshen activity that we observed took place between Monday to Friday (with none observed on the weekends), with most communication taking place between 01:00 and 10:00 UTC. 
This pattern suggests a consistent 8 to 9-hour activity window for the threat actor, with realistic probability of it aligning to local working hours.","type":"BQ","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[]},"Paragraph:5ab15006daf6_14":{"id":"5ab15006daf6_14","__typename":"Paragraph","name":"d85a","text":"The implant has been in use for many years — over 5 — and has flown under the radar.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":true,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[]},"Paragraph:5ab15006daf6_15":{"id":"5ab15006daf6_15","__typename":"Paragraph","name":"28fc","text":"Versions exist for Linux appliances, Solaris SPARC boxes and more. For example, here’s a Solaris version first uploaded to VirusTotal in 2019:","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[]},"Paragraph:5ab15006daf6_16":{"id":"5ab15006daf6_16","__typename":"Paragraph","name":"b53b","text":"VirusTotal — File — 
dc8346bf443b7b453f062740d8ae8d8d7ce879672810f4296158f90359dcae3a","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":0,"end":84,"href":"https:\u002F\u002Fwww.virustotal.com\u002Fgui\u002Ffile\u002Fdc8346bf443b7b453f062740d8ae8d8d7ce879672810f4296158f90359dcae3a\u002Fdetection\u002Ff-dc8346bf443b7b453f062740d8ae8d8d7ce879672810f4296158f90359dcae3a-1567566897","anchorType":"LINK","userId":null,"linkMetadata":null}]},"Paragraph:5ab15006daf6_17":{"id":"5ab15006daf6_17","__typename":"Paragraph","name":"5cb3","text":"","type":"IMG","href":null,"layout":"INSET_CENTER","metadata":{"__ref":"ImageMetadata:1*iZ7-ELTs_jVNwS92wx8buA.png"},"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[]},"Paragraph:5ab15006daf6_18":{"id":"5ab15006daf6_18","__typename":"Paragraph","name":"1d23","text":"Nextron Systems THOR was detecting the activity over the past year or so, visible in VirusTotal comments:","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[]},"Paragraph:5ab15006daf6_19":{"id":"5ab15006daf6_19","__typename":"Paragraph","name":"2d1a","text":"","type":"IFRAME","href":null,"layout":"INSET_CENTER","metadata":null,"hasDropCap":null,"iframe":{"__typename":"Iframe","mediaResource":{"__ref":"MediaResource:2cb66600dd36bb2abfb7bf20b1c33c5f"}},"mixtapeMetadata":null,"dropCapImage":null,"markups":[]},"Paragraph:5ab15006daf6_20":{"id":"5ab15006daf6_20","__typename":"Paragraph","name":"08a7","text":"Indicators of Compromise and Indicators of Attack","type":"H3","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[]},"Paragraph:5ab15006daf6_21":{"id":"5ab15006daf6_21","__typename":"Paragraph","name":"fff8","text":"(note that each implant has a unique hash, so hunting 
for file hashes is a BAD IDEA).","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"EM","start":75,"end":83,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}]},"Paragraph:5ab15006daf6_22":{"id":"5ab15006daf6_22","__typename":"Paragraph","name":"1adc","text":"VirusTotal — Collections — BPFDoor","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":0,"end":34,"href":"https:\u002F\u002Fwww.virustotal.com\u002Fgui\u002Fcollection\u002Fdd82ee900dd15a5d6205d7aeb8a0c9d60e1b3c93c678cfd7a8fa7be444afefe7\u002Fiocs","anchorType":"LINK","userId":null,"linkMetadata":null}]},"Paragraph:5ab15006daf6_23":{"id":"5ab15006daf6_23","__typename":"Paragraph","name":"ea2e","text":"YARA rules:","type":"ULI","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[]},"Paragraph:5ab15006daf6_24":{"id":"5ab15006daf6_24","__typename":"Paragraph","name":"e87f","text":"signature-base\u002Fmal_lnx_implant_may22.yar at master · Neo23x0\u002Fsignature-base (github.com)","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":0,"end":88,"href":"https:\u002F\u002Fgithub.com\u002FNeo23x0\u002Fsignature-base\u002Fblob\u002Fmaster\u002Fyara\u002Fmal_lnx_implant_may22.yar","anchorType":"LINK","userId":null,"linkMetadata":null}]},"Paragraph:5ab15006daf6_25":{"id":"5ab15006daf6_25","__typename":"Paragraph","name":"f9ed","text":"ThreatHunting\u002FBPFDoor-Unknown.yar at master · GossiTheDog\u002FThreatHunting 
(github.com)","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":0,"end":84,"href":"https:\u002F\u002Fgithub.com\u002FGossiTheDog\u002FThreatHunting\u002Fblob\u002Fmaster\u002FYARA\u002FBPFDoor-Unknown.yar","anchorType":"LINK","userId":null,"linkMetadata":null}]},"Paragraph:5ab15006daf6_26":{"id":"5ab15006daf6_26","__typename":"Paragraph","name":"b730","text":"Files in \u002Fdev\u002Fshm such as \u002Fdev\u002Fshm\u002Fkdmtmpflush","type":"ULI","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"STRONG","start":8,"end":18,"href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","type":"STRONG","start":25,"end":46,"href":null,"anchorType":null,"userId":null,"linkMetadata":null}]},"Paragraph:5ab15006daf6_27":{"id":"5ab15006daf6_27","__typename":"Paragraph","name":"e973","text":"Sandbox report from 2019 — includes useful commands; Automated Malware Analysis Report for m8XMnec4Vb.elf — Generated by Joe 
Sandbox","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"dropCapImage":null,"markups":[{"__typename":"Markup","type":"A","start":53,"end":132,"href":"https:\u002F\u002Fwww.joesandbox.com\u002Fanalysis\u002F185754\u002F0\u002Fhtml","anchorType":"LINK","userId":null,"linkMetadata":null}]},"ImageMetadata:0*Su8mxpojVBSA5vu5":{"id":"0*Su8mxpojVBSA5vu5","__typename":"ImageMetadata","originalHeight":552,"originalWidth":565,"focusPercentX":null,"focusPercentY":null,"alt":null},"MediaResource:86beb9a1d5198a3383c114c46be9ffcf":{"id":"86beb9a1d5198a3383c114c46be9ffcf","__typename":"MediaResource","iframeSrc":"https:\u002F\u002Fcdn.embedly.com\u002Fwidgets\u002Fmedia.html?type=text%2Fhtml&key=a19fcc184b9711e1b4764040d3dc5c07&schema=twitter&url=https%3A\u002F\u002Ftwitter.com\u002Fjcksnsec\u002Fstatus\u002F1522163033585467393&image=https%3A\u002F\u002Fi.embed.ly\u002F1\u002Fimage%3Furl%3Dhttps%253A%252F%252Fabs.twimg.com%252Ferrors%252Flogo46x38.png%26key%3Da19fcc184b9711e1b4764040d3dc5c07","iframeHeight":281,"iframeWidth":500,"title":"Ben on Twitter: \"Nice find! This is a controller for a passive backdoor, BPFDoor, used by a China-based threat we track as Red Menshen. If you want to learn more, @Cyb3rBilly and I will be talking about Red Menshen and other CN threats to telecoms environments @WEareTROOPERS in June. 
https:\u002F\u002Ft.co\u002F1O2oOMrlGf \u002F Twitter\""},"ImageMetadata:1*IXT0IHLg56KOuzwIEsAKfA.png":{"id":"1*IXT0IHLg56KOuzwIEsAKfA.png","__typename":"ImageMetadata","originalHeight":694,"originalWidth":688,"focusPercentX":null,"focusPercentY":null,"alt":null},"ImageMetadata:1*iZ7-ELTs_jVNwS92wx8buA.png":{"id":"1*iZ7-ELTs_jVNwS92wx8buA.png","__typename":"ImageMetadata","originalHeight":730,"originalWidth":1969,"focusPercentX":null,"focusPercentY":null,"alt":null},"MediaResource:2cb66600dd36bb2abfb7bf20b1c33c5f":{"id":"2cb66600dd36bb2abfb7bf20b1c33c5f","__typename":"MediaResource","iframeSrc":"https:\u002F\u002Fcdn.embedly.com\u002Fwidgets\u002Fmedia.html?type=text%2Fhtml&key=a19fcc184b9711e1b4764040d3dc5c07&schema=twitter&url=https%3A\u002F\u002Ftwitter.com\u002Fcyb3rops\u002Fstatus\u002F1522167272239861761&image=https%3A\u002F\u002Fi.embed.ly\u002F1\u002Fimage%3Furl%3Dhttps%253A%252F%252Fabs.twimg.com%252Ferrors%252Flogo46x38.png%26key%3Da19fcc184b9711e1b4764040d3dc5c07","iframeHeight":281,"iframeWidth":500,"title":"Florian Roth ⚡️ on Twitter: \"\u003C proud ☺️ pic.twitter.com\u002Fq5puKEBNOX \u002F Twitter\""},"Tag:bpfdoor":{"id":"bpfdoor","__typename":"Tag"},"Tag:cybersecurity":{"id":"cybersecurity","__typename":"Tag"},"Topic:d4e7f4144ac5":{"id":"d4e7f4144ac5","__typename":"Topic","slug":"cybersecurity","name":"Cybersecurity"},"CollectionViewerEdge:collectionId:8343faddf0ec-viewerId:lo_9b52e2fa2c9e":{"id":"collectionId:8343faddf0ec-viewerId:lo_9b52e2fa2c9e","__typename":"CollectionViewerEdge","isEditor":false},"User:c5346ec57f29":{"id":"c5346ec57f29","__typename":"User","imageId":"1*uK1SRzc37ghaqfgnm6xYcQ.jpeg","mediumMemberAt":1620812862000,"name":"Richard de Vries","username":"vries-richard-de","customDomainState":{"__typename":"CustomDomainState","live":{"__typename":"CustomDomain","domain":"vries-richard-de.medium.com"}},"hasSubdomain":true,"bio":"A passionate security professional who shares his knowledge, wisdom, and experiences to ensure we can make 
the world a little bit more secure."},"Collection:f41e9a52869e":{"id":"f41e9a52869e","__typename":"Collection","name":"Tales from a Security Professional","domain":"tales-from-a-security-professional.com","slug":"tales-from-a-security-professional"},"ImageMetadata:0*TAuC2BN0XhBEI8Eb.png":{"id":"0*TAuC2BN0XhBEI8Eb.png","__typename":"ImageMetadata","alt":null,"focusPercentX":null,"focusPercentY":null},"Post:7cd46b2de1a7":{"id":"7cd46b2de1a7","__typename":"Post","title":"What is the lifecycle of an exploit?","mediumUrl":"https:\u002F\u002Ftales-from-a-security-professional.com\u002Fwhat-is-the-lifecycle-of-an-exploit-7cd46b2de1a7","creator":{"__ref":"User:c5346ec57f29"},"previewContent":{"__typename":"PreviewContent","subtitle":"Everything within the IT landscape has a lifecycle. Exploits are no exception. But what does this lifecycle looks like?","isFullContent":false},"collection":{"__ref":"Collection:f41e9a52869e"},"previewImage":{"__ref":"ImageMetadata:0*TAuC2BN0XhBEI8Eb.png"},"clapCount":0,"visibility":"LOCKED","isSeries":false,"sequence":null,"uniqueSlug":"what-is-the-lifecycle-of-an-exploit-7cd46b2de1a7"},"User:5cfa35a50265":{"id":"5cfa35a50265","__typename":"User","imageId":"1*s75_RCDVyZGl_kJlbHFEsQ.png","mediumMemberAt":0,"name":"Andre Camillo","username":"andrecamillo","customDomainState":{"__typename":"CustomDomainState","live":{"__typename":"CustomDomain","domain":"andrecamillo.medium.com"}},"hasSubdomain":true,"bio":"Passionate about Network, Cloud and Security technologies. Technical Specialist @Microsoft. 
Opinions are my own."},"Collection:f20a9840e177":{"id":"f20a9840e177","__typename":"Collection","name":"System Weakness","domain":"systemweakness.com","slug":"system-weakness"},"ImageMetadata:0*xD14Uu6SBSKoEa46":{"id":"0*xD14Uu6SBSKoEa46","__typename":"ImageMetadata","alt":null,"focusPercentX":null,"focusPercentY":null},"Post:9cefcc421ed4":{"id":"9cefcc421ed4","__typename":"Post","title":"Cyberthreats listed as one of the biggest Global Risks for 2022 — here’s what can you do to help?","mediumUrl":"https:\u002F\u002Fsystemweakness.com\u002Fcyberthreats-listed-as-one-of-the-biggest-global-risks-for-2022-heres-what-can-you-do-to-help-9cefcc421ed4","creator":{"__ref":"User:5cfa35a50265"},"previewContent":{"__typename":"PreviewContent","subtitle":"Cyber Security has gained a lot of visibility in recent years from public and governmental organizations that are concerned with citizens…","isFullContent":false},"collection":{"__ref":"Collection:f20a9840e177"},"previewImage":{"__ref":"ImageMetadata:0*xD14Uu6SBSKoEa46"},"clapCount":0,"visibility":"LOCKED","isSeries":false,"sequence":null,"uniqueSlug":"cyberthreats-listed-as-one-of-the-biggest-global-risks-for-2022-heres-what-can-you-do-to-help-9cefcc421ed4"},"User:f2138d8d228a":{"id":"f2138d8d228a","__typename":"User","imageId":"1*XBAXHEPf4pBv7g1i_CKtHg.png","mediumMemberAt":0,"name":"Alexis Rodriguez","username":"bin3xish477","customDomainState":{"__typename":"CustomDomainState","live":{"__typename":"CustomDomain","domain":"bin3xish477.medium.com"}},"hasSubdomain":true,"bio":"I am a Pentester who writes about Cybersecurity and anything related to technology."},"Collection:9758482ba857":{"id":"9758482ba857","__typename":"Collection","name":"Geek Culture","domain":null,"slug":"geekculture"},"ImageMetadata:1*k8pL0Lioo0T4GPGoUIsNcw.png":{"id":"1*k8pL0Lioo0T4GPGoUIsNcw.png","__typename":"ImageMetadata","alt":null,"focusPercentX":null,"focusPercentY":null},"Post:d2cf8f1724c3":{"id":"d2cf8f1724c3","__typename":"Post","title":"How 
to Use Rumble For Asset Discovery","mediumUrl":"https:\u002F\u002Fmedium.com\u002Fgeekculture\u002Fhow-to-use-rumble-for-asset-discovery-d2cf8f1724c3","creator":{"__ref":"User:f2138d8d228a"},"previewContent":{"__typename":"PreviewContent","subtitle":"Comprehensive Asset Discovery Made Easy","isFullContent":false},"collection":{"__ref":"Collection:9758482ba857"},"previewImage":{"__ref":"ImageMetadata:1*k8pL0Lioo0T4GPGoUIsNcw.png"},"clapCount":16,"visibility":"LOCKED","isSeries":false,"sequence":null,"uniqueSlug":"how-to-use-rumble-for-asset-discovery-d2cf8f1724c3"},"User:2860dcbb171d":{"id":"2860dcbb171d","__typename":"User","imageId":"1*sMkbLwGsM1UtuXpc88he3g@2x.jpeg","mediumMemberAt":0,"name":"Katlyn Gallo","username":"katlyngallo","customDomainState":{"__typename":"CustomDomainState","live":{"__typename":"CustomDomain","domain":"katlyngallo.medium.com"}},"hasSubdomain":true,"bio":"Coffee lover, bookworm, and InfoSec enthusiast | https:\u002F\u002Fktgblogs.com | Find me on Twitter & Instagram: @ktgblogstech"},"Collection:38222a97af40":{"id":"38222a97af40","__typename":"Collection","name":"Dark Roast Security","domain":null,"slug":"dark-roast-security"},"ImageMetadata:0*U9TFhSYQLMh7m6A2.jpg":{"id":"0*U9TFhSYQLMh7m6A2.jpg","__typename":"ImageMetadata","alt":null,"focusPercentX":null,"focusPercentY":null},"Post:2ceedb2981fa":{"id":"2ceedb2981fa","__typename":"Post","title":"Light Roast 110: Intro to DNS Attack Types","mediumUrl":"https:\u002F\u002Fmedium.com\u002Fdark-roast-security\u002Flight-roast-110-intro-to-dns-attack-types-2ceedb2981fa","creator":{"__ref":"User:2860dcbb171d"},"previewContent":{"__typename":"PreviewContent","subtitle":"A closer look at DNS and how it’s used in 
cyberattacks.","isFullContent":false},"collection":{"__ref":"Collection:38222a97af40"},"previewImage":{"__ref":"ImageMetadata:0*U9TFhSYQLMh7m6A2.jpg"},"clapCount":78,"visibility":"LOCKED","isSeries":false,"sequence":null,"uniqueSlug":"light-roast-110-intro-to-dns-attack-types-2ceedb2981fa"},"User:10461b8c86ef":{"id":"10461b8c86ef","__typename":"User","name":"Omar Kurt","bio":"Security Researcher & QA Tester at @netsparker","imageId":"1*Y3qk0OVcgPzwj7EtHmwFyg.png","mediumMemberAt":0,"username":"omarkurt","customDomainState":null,"hasSubdomain":false},"User:106b58b5a19b":{"id":"106b58b5a19b","__typename":"User","name":"David","bio":"","imageId":"1*dmbNkD5D-u45r44go_cf0g.png","mediumMemberAt":1578653390000,"username":"dale6667","customDomainState":null,"hasSubdomain":false},"User:108093fb25ff":{"id":"108093fb25ff","__typename":"User","name":"Igor Stepanenko","bio":"","imageId":"0*4g9n9j3FsH3gnJOL.jpg","mediumMemberAt":0,"username":"ixghzx","customDomainState":null,"hasSubdomain":false},"User:108994eb3352":{"id":"108994eb3352","__typename":"User","name":"Damien K. 
Sedgwick","bio":"frontend development && computer science","imageId":"1*YP9jjxgthooCbQVhpaOh-g.png","mediumMemberAt":0,"username":"b1narylife","customDomainState":null,"hasSubdomain":false},"User:10b1b357a15d":{"id":"10b1b357a15d","__typename":"User","name":"Ken McFerron","bio":"","imageId":"0*FM03QGcoMKzYMScl.","mediumMemberAt":0,"username":"kmcferron","customDomainState":null,"hasSubdomain":false},"User:10b1be56d734":{"id":"10b1be56d734","__typename":"User","name":"Max Romano","bio":"","imageId":"1*dmbNkD5D-u45r44go_cf0g.png","mediumMemberAt":0,"username":"maxrom","customDomainState":null,"hasSubdomain":false},"User:10cb72175e53":{"id":"10cb72175e53","__typename":"User","name":"Hande Arici","bio":"","imageId":"1*727ao9-1o7RO8-NFVb2QPg.png","mediumMemberAt":1623150273000,"username":"handearici","customDomainState":{"__typename":"CustomDomainState","live":{"__typename":"CustomDomain","domain":"handearici.com"}},"hasSubdomain":true},"User:10d184b80914":{"id":"10d184b80914","__typename":"User","name":"Mahad Ahmed","bio":"who u snoopn for","imageId":"1*2g88f8Jv03Uxib8Cd14Xlg.jpeg","mediumMemberAt":0,"username":"pkeagle8","customDomainState":null,"hasSubdomain":false},"User:10de2a453240":{"id":"10de2a453240","__typename":"User","name":"Rogue","bio":"Lady Data Security. Award-winning writer. #Crisis\u002F#risk mgment with #OSINT. #Infosec columnist @ZDNetfr. 
Curator @desidedata #Maker, polylingual bookworm.","imageId":"1*RWyVxwuBGoHVn6veu9y4ng.jpeg","mediumMemberAt":0,"username":"maliciarogue","customDomainState":null,"hasSubdomain":false},"User:10ec36631bef":{"id":"10ec36631bef","__typename":"User","name":"Sidharth B Nair","bio":"","imageId":"0*RsRo2766GLDJ4Jr2.","mediumMemberAt":0,"username":"sidharthbnair","customDomainState":null,"hasSubdomain":false}}</script><script src="https://cdn-client.medium.com/lite/static/js/manifest.397ea66d.js"></script><script src="https://cdn-client.medium.com/lite/static/js/5040.62718a97.js"></script><script src="https://cdn-client.medium.com/lite/static/js/main.12ecd98b.js"></script><script src="https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js"></script>
<script src="https://cdn-client.medium.com/lite/static/js/PostPage.RightColumnContent.723debc8.chunk.js"></script><script>window.main();</script></body></html>